On Sun, Apr 16, 2006 at 06:47:56PM -0400, Dan Langille wrote:

> Also, make use of the ssh config file to limit incoming connections
> to known IP addresses.
>
> And best of all, require the use of ssh keys to login, not
> passwords.

What I do is, I have one secure workstation that has keys to every system out there, and those keys are accepted from any IP address. Any other workstations or servers that need to connect to other servers have their own client keys. These keys are only accepted from that specific server's IP, so one cannot grab a key from a given system and use it to connect from somewhere else. Finally, all other authentication methods are disabled, making these keys the only way to get in.

To me, this is the best of both worlds, since it limits the damage that cracking any one key can do. It applies IP-based restrictions that are actually stricter than just a general "can only SSH from these IPs" rule, and it still allows me to connect from anywhere in the case of a problem.

Note that I actually use one key per client-server combo, meaning that system A uses one key to connect to system B, and another key to connect to system C. So every system has a list of inbound and outbound keys, and the effects of losing or compromising a single key are very minimal.

Of course, this can get a little tricky to manage, so I've written some hacky programs and makefiles to get it all to work. You could probably reap only slightly smaller security benefits by just having one key per client system.
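The scheme described in the message above (one unrestricted admin workstation key, every other client key pinned to its source IP with a `from=` option, and password authentication turned off in sshd) can be expressed as an authorized_keys generator plus an audit check. The script below is an added example and is not the poster's own programs or makefiles; the host names, addresses and key blobs in it are constructed placeholders, and the name of the admin workstation is an assumption.

```shell
#!/bin/sh
# Added example, not the poster's scripts: generate authorized_keys entries that
# accept each client key only from that client's address, leave the single admin
# workstation unrestricted, and audit a finished file for entries missing from=.
# Host names, IPs and key blobs are constructed placeholders, not real keys.

ADMIN_HOST="admin-ws"   # assumed name of the one unrestricted workstation

# Constructed inventory, one client key per line:
#   <client host> <source IP or CIDR> <key type> <base64 key blob>
KEY_INVENTORY='admin-ws 0.0.0.0/0 ssh-ed25519 AAAAC3ADMINPLACEHOLDER
web1 192.0.2.10 ssh-ed25519 AAAAC3WEB1PLACEHOLDER
db1 192.0.2.20 ssh-ed25519 AAAAC3DB1PLACEHOLDER'

# entry_for HOST SRC TYPE BLOB: print one authorized_keys line.
# Every key except the admin workstation gets from="SRC", so sshd rejects the
# key when it is presented from any other address; the no-* options strip
# capabilities a server-to-server key has no reason to carry.
entry_for() {
  host="$1"; src="$2"; ktype="$3"; blob="$4"
  if [ "$host" = "$ADMIN_HOST" ]; then
    printf '%s %s %s\n' "$ktype" "$blob" "$host"
  else
    printf 'from="%s",no-agent-forwarding,no-X11-forwarding,no-port-forwarding %s %s %s\n' \
      "$src" "$ktype" "$blob" "$host"
  fi
}

# gen_authorized_keys: render the whole inventory as an authorized_keys file.
gen_authorized_keys() {
  printf '%s\n' "$KEY_INVENTORY" | while read -r host src ktype blob; do
    [ -n "$host" ] && entry_for "$host" "$src" "$ktype" "$blob"
  done
}

# count_unrestricted FILE: number of key lines that carry no from= option.
# On a server following this scheme the answer should be exactly 1 (the admin
# workstation); anything higher is a key that would be usable from anywhere.
count_unrestricted() {
  grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | grep -vc 'from="' || true
}

# sshd_config_fragment: the server side of "all other authentication methods
# are disabled", leaving public keys as the only way in.
sshd_config_fragment() {
  cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
EOF
}

# Render both artifacts when run directly.
gen_authorized_keys
sshd_config_fragment
```

Running the script prints the generated authorized_keys lines followed by the sshd_config fragment; `count_unrestricted` is the check worth adding to whatever deploys the file, since a single forgotten `from=` silently reintroduces the "usable from anywhere" key the scheme is designed to avoid.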