[TAG] Question about restricting SSH access and open access to a specific computer
Suramya Tomar
security at suramya.com
Sat Jan 14 18:24:03 MSK 2006
Hi Everyone,
I have a question for you regarding restricting access to my computer.
I am running a Debian system and have SSH (OpenSSH_4.2p1) running. I use
IPtables to restrict SSH access to a selected set of IPs.
Now the problem I am facing is that while I am in India my public IP
changes at random intervals so every day or so I have to log in to my
server via another system whose IP thankfully doesn't change and give my
public IP access to that system. While this is not a big deal it's still
a pain to do.
Now I don't want to open access to the entire C network for my IP in
India but want to make my life easier. So I was wondering if there was
some other way of limiting access that limited access to a specific IP
set but also let me authenticate using a token or something?
The command I am using for limiting access is:
# Open SSH access from India
iptables -A INPUT -s xxx.xxx.xxx.xxx -p tcp -m tcp --dport 22 -j ACCEPT
# Deny access to ssh from ALL IP's
iptables -A INPUT -p tcp --dport 22 -j DROP
I have been reading about port knocking but think that it's a pain to
set up. Any pros/cons of using that approach?
Any ideas or suggestions? Thanks for the help.
Thanks,
Suramya
--
----------------------------------------------------------
Mountain Dew and doughnuts... because breakfast is the
most important meal of the day
----------------------------------------------------------
Name : Suramya Tomar
Homepage URL: http://www.suramya.com
-------------------------------------------------
************************************************************
Disclaimer:
Any errors in spelling, tact, or fact are transmission errors.
************************************************************
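
The manual step described in the message above (logging in through the fixed-IP host and allowing the new address) can be reduced to one validated command. This is an added example, not part of the original message; the chain name SSH_ROAMING and the function names are assumptions, and it only prints the iptables commands unless its output is piped to a root shell.

```shell
#!/bin/sh
# Added example (not from the original post): swap the single allowed
# "roaming" source address for SSH without touching the rest of INPUT.
# Assumed names: chain SSH_ROAMING, functions valid_ipv4 / roaming_rules.
# One-time setup (as root), so the jump sits ahead of the port-22 DROP rule:
#   iptables -N SSH_ROAMING
#   iptables -I INPUT -p tcp --dport 22 -j SSH_ROAMING

CHAIN=SSH_ROAMING

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
# Leading zeros are rejected because some parsers read them as octal.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that replace the chain's contents with one ACCEPT rule.
# The address is validated first, so nothing else can reach the rule text.
roaming_rules() {
    valid_ipv4 "$1" || { echo "invalid IPv4 address: $1" >&2; return 1; }
    echo "iptables -F $CHAIN"
    echo "iptables -A $CHAIN -s $1/32 -p tcp -m tcp --dport 22 -j ACCEPT"
}

# Usage: update-ssh-ip.sh NEW_IP        (dry run, prints the commands)
#        update-ssh-ip.sh NEW_IP | sh   (apply, as root)
if [ "$#" -ge 1 ]; then roaming_rules "$1"; fi
```

Because the roaming address lives in its own chain, flushing it never disturbs the fixed ACCEPT rules or the final DROP rule for port 22.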