nanog mailing list archives
Re: a record?
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Sun, 20 Nov 2005 08:32:24 +0530
On 11/20/05, Alexei Roudnev <alex () relcom net> wrote:
> Other approach exists as well - SecureID on firewall. Login to firewall, authenticate, and have dynamic access list which opens ssh for you (and still keep ssh on port != 22).
Or VPN in, or set up a tunnel of some sort. Have ssh available over the tunneled interface. Yup, lots of options available. Though, if you have a secure ssh and reasonable control of your passwords it is probably safe to leave it at port 22 rather than resorting to security by obscurity measures like running it on a higher number port or (as at least one webhost does) running it on 443, with some kind of shim listening on that port, intercepting requests to it and redirecting them to apache or sshd as appropriate.