In the past, I have used /etc/hosts.[deny|allow] to secure my SSH server
by restricting access to a limited number of IP addresses. This has
worked very well for me over the past 3 or 4 years, but now I need to
allow access to a non-enumerable set of client IP addresses, so I am
considering alternate methods. The first method on my list is to require
key-based authentication (no passwords). Secondly, I'm thinking about
using an alternate port (ie, 2222 instead of 22) simply to ward off
automated botnet logins.
Does anyone see a problem with this? Any other ideas?
Thanks in advance!
--Dave
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/