Security Basics mailing list archives
Re: Cisco PIX with SSH enabled on external port for maintenance
From: Alloishus BeauMains <all0i5hu5 () gmail com>
Date: Wed, 16 Nov 2005 16:09:24 -0600
You can tunnel everything through SSH as well as VPN. VPN just closes down local network access if specified. VPN can use group authentication, but this seems to be just like an authentication key, much like the one that SSH has. If you use an authentication key (this is an encrypted, physically different file you have to load on your outside machines) and then an appropriate passphrase to go with it. SSH already encrypts the traffic, just like VPN. I am not sure how much VPN offers in addition to this. Especially not for the money, since SSH (with SSHD) is completely free and can be loaded on any system.

So, to me, it seems like you would be paying for, or supplying more equipment, only to get the "disconnected from rest of LAN" portion of VPN.

Anyhow, there is my take on it. You can make SSH as secure as you want it to be through those methods I mentioned.

On 11/15/05, John Maher <john.e.maher () gmail com> wrote:
> Chris Largret wrote:
>> If you DO allow access to SSH to the outside world, there are a few
>> things you can do to make it more secure:
>>
>> 1. Use a non-standard port
>> 2. Use only the strongest algorithms that SSH supports
>> 3. Change the passwords regularly
>> 4. Allow only strong passwords
>> 5. Limit which IP addresses can connect
>
> If feasible, I would recommend using public key authentication and
> disabling password authentication.
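The hardening measures quoted above (non-standard port, pinned algorithms, source restrictions, key-only authentication) can be checked mechanically. The following is an added example, not part of any message in the thread: it assumes an OpenSSH `sshd_config` rather than the PIX itself, uses `AllowUsers user@host` as one way to limit source addresses, and treats the `WEAK` cipher markers as an assumption of this example.

```python
# Added example: audit OpenSSH sshd_config text against the thread's advice.
DEFAULTS = {"port": ["22"], "passwordauthentication": ["yes"],
            "pubkeyauthentication": ["yes"]}
MULTI = {"port", "allowusers"}       # these keywords accumulate across lines
WEAK = ("cbc", "arcfour", "3des")    # assumption: cipher families flagged here

SAMPLE = """\
# constructed sample config, not taken from the thread
Port 2222
PasswordAuthentication yes
PasswordAuthentication no
Ciphers aes256-ctr,aes128-cbc
AllowUsers admin@192.0.2.10 backup
Match Address 192.0.2.0/24
    PasswordAuthentication no
"""

def parse_global(text):
    """Global-scope directives; sshd uses the first value of a keyword."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":           # conditional overrides start here; stop
            break
        if key in MULTI:
            conf.setdefault(key, []).extend(args)
        elif key not in conf:
            conf[key] = args
    return conf

def audit(text):
    conf = {**DEFAULTS, **parse_global(text)}
    first = lambda k: (conf.get(k) or [""])[0].lower()
    out = []
    if "22" in conf["port"]:
        out.append("port: sshd listens on the standard port 22")
    if first("passwordauthentication") != "no":
        out.append("password: PasswordAuthentication is not disabled")
    if first("pubkeyauthentication") != "yes":
        out.append("pubkey: PubkeyAuthentication is not enabled")
    weak = [c for c in first("ciphers").split(",") if any(w in c for w in WEAK)]
    if "ciphers" not in conf or weak:
        out.append("ciphers: not pinned, or weak entries " + ",".join(weak))
    users = conf.get("allowusers", [])
    if not users or any("@" not in u for u in users):
        out.append("source: AllowUsers does not tie every login to a host")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, the duplicate `PasswordAuthentication` line shows why order matters: the first value (`yes`) is the one sshd uses, so the later `no` does not disable passwords.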