I like paranoid firewalls :)

stunnel is a really good catch, I almost forgot about it. We used it a lot in the earlier days.

I'll use it in case the first entry in sshd audit file appears saying "access denied" or something pointing in that direction.

I have had the very best experience using knocking and I highly recommend it for clear logs. Always good if your open ports cannot be scripted with the Shodan API ;)

Script kiddies and all those known bots are kept away by using dynamic block lists.

My initial question was meant as something like: Do you or others trust SSH opened to the public internet and, if so, under which circumstances?

Thanks again!


On 15.02.23 11:19, j.witvl...@mindef.nl wrote:
Before opening SSH to the world, you might contemplate encapsulating it with
stunnel.
It also helps with paranoid firewalls ;-)


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users