"Brian Sydney Jathanna" <[EMAIL PROTECTED]> writes: > On 10/9/08, Phill O'Flynn <[EMAIL PROTECTED]> wrote: >> >> Hi everyone >> I am running a fedora server and currently using hosts.allow to >> only allow ssh accesses from specific ip addresses. I did this because I >> was getting >> a lot of idiots from eastern Europe and Russia tring to crack my server. >> >> This has been ok but now is prooving to be too restrictive. Can I get the >> server to force certificate based logins only?? If so how do I do it?? Is >> this the >> best approach anyway?? > > I guess the best approach would be to consider using Port Knock > http://www.portknocking.org/
Why would you consider that the best approach?

Port knocking is an additional password specified through a non-standard
mechanism, plus the added "security" of doing strange IP related things.

You gain *exactly* as much protection by providing yourself a CGI script
where you can enter a password and have the firewall modify your firewall
dynamically, without the added complexity or debugging of having to find
out why your IP based "knock" was delivered out of order, or any of the
other potential issues.

Regards,
        Daniel
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html