ssh login protection

[Edmund <cc () belfordhk com>]

Hi,

I was wondering if someone could clarify something for me.
I often ssh into two mail servers from dialup(thus dynamic
ip) at home.

Right now, I specify which IPs that can ssh into the two
machines but for dynamic IPs, I can't do that unless I
go crazy and allow xx.xx.xx.xx/16, which is not very
secure.  But due to the importance of me needing to ssh
to the servers, I've been 'slacking' off the security
and allowing a certain range of IPs (those that I'm
certain are from my ISP at home).
Can someone tell me if this is the appropriate way?
Or do I allow any IPs from sshing?


The reason why I'm asking is that I'll be taking
a holiday and believe I'll also need to ssh to the
mail servers.   I don't know the IPs ahead of
time since where I'll be staying, it'll also be
dynamically assigned.

Is there a solution to this problem?  I don't
want to open the servers to attacks from any
SSH-related issues that crackers would take
advantage of.

Any help appreciated





---------------------------------------------------------------------------
----------------------------------------------------------------------------