Alan Pope wrote:
On Sat, Jan 12, 2008 at 12:56:30PM +0000, Stephen Garton wrote:
Hi Al,

On 12/01/2008, Alan Pope <[EMAIL PROTECTED]> wrote:
On Sat, Jan 12, 2008 at 09:13:56AM +0000, Stephen Garton wrote:
On a box at home, I have ssh running on a non-specific high numbered
port. Is it possible to also have it (ssh) listen on port 22, but
limit it to computers on the local network?

Why also have it on 22? Why not just edit ~/.ssh/config and add a line like
this:-

Host box
 Port 2222

(or whatever the hostname and port number is)

I do/did. When I had (continuing your example) Port 2222 on its own
in /etc/ssh/sshd_config (please let me know if this is not the one I
should be using, as it is the one I have stored in my notes that are a
year or two old on how to use ssh!) Tomboy reported it couldn't
contact the host.


I am talking about the client not the server. Put that line in ~/.ssh/config on the _client_ and that tells it what port the server uses.

The reason for asking is that I'd like to do things like synchronise
my tomboy notes over ssh, but there is nowhere in tomboy (that I can
find) to configure the port for the add-in.

I do the above for exactly this reason.

Sorry, I think I'm lost. Will tomboy sync over ssh when a non-standard
port is used?


Yes. On my server I have /etc/ssh/sshd_config set to 2222, on my client I have ~/.ssh/config set to tell my client what port the server is on. Job done. It works.

Cheers,
Al.


I don't bother changing the server port for sshd, it's security through obscurity. The crackers who only look for your server on port 22 are more of a nuisance than anything else, there's no way they'll get in unless you have a seriously crap password. If someone puts more effort into it they'll find your server no matter what port it's on, and it's them you'll have to worry about. You could also just disable password authentication and set yourself up key-based access to your boxes.

I also use FreeNX for remote access to Gnome desktops which doesn't yet work properly when you use a different port and block password authentication. So I just use Denyhosts to block clients that fail authentication, 1 try for the root account and 3 tries for any other account. They get blocked almost instantly using /etc/hosts.deny and I get emailed with their IP and hostname.

Regards,
Tom

-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.kubuntu.org/UKTeam/
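
The blocking policy Tom describes (1 failed try for root, 3 for any other account, offenders written to /etc/hosts.deny) can be sketched as follows. This is an added example, not DenyHosts' own code and not part of the original thread; the log lines are constructed, and the function names and the `allow` parameter are hypothetical.

```python
import re
from collections import defaultdict

# Thresholds taken from the post above: 1 failure for root, 3 for other accounts.
ROOT_LIMIT = 1
USER_LIMIT = 3

# OpenSSH "Failed password" line, with or without "invalid user". Anchored at
# end of line so text inside a username cannot pose as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+(?: ssh\d)?$"
)

# Constructed sample log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Jan 12 13:01:02 box sshd[4101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 12 13:01:09 box sshd[4105]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
Jan 12 13:01:15 box sshd[4109]: Failed password for stephen from 192.0.2.10 port 38822 ssh2
Jan 12 13:01:20 box sshd[4113]: Failed password for invalid user test from 198.51.100.23 port 51520 ssh2
Jan 12 13:01:31 box sshd[4117]: Accepted publickey for stephen from 192.0.2.10 port 38830 ssh2
Jan 12 13:01:40 box sshd[4121]: Failed password for invalid user guest from 198.51.100.23 port 51533 ssh2
"""

def hosts_to_block(log_text, allow=()):
    """Return IPs whose failures reach a limit, in the order they trip it.

    `allow` is a hypothetical allow-list, e.g. addresses on the local network.
    """
    root_fails = defaultdict(int)
    user_fails = defaultdict(int)
    blocked = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m or m["ip"] in allow or m["ip"] in blocked:
            continue
        ip = m["ip"]
        if m["user"] == "root":
            root_fails[ip] += 1
        else:
            user_fails[ip] += 1
        if root_fails[ip] >= ROOT_LIMIT or user_fails[ip] >= USER_LIMIT:
            blocked.append(ip)
    return blocked

def hosts_deny_lines(ips):
    """Format entries as tcp_wrappers reads them from /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_block(SAMPLE_LOG))))
```

A single mistyped password from 192.0.2.10 stays under the limit, so a legitimate user who then logs in with a key is not locked out.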
