On 18 Apr 2006 at 14:37, Adrian Irving-Beer wrote:

> On Sun, Apr 16, 2006 at 06:47:56PM -0400, Dan Langille wrote:
>
> > Also, make use of the ssh config file to limit incoming connections
> > to known IP addresses.
> >
> > And best of all, require the use of ssh keys to login, not
> > passwords.
>
> What I do is, I have one secure workstation that has keys to every
> system out there, and those keys are accepted from any IP address.
>
> Any other workstations or servers that need to connect to other
> servers have their own client keys. These keys are only accepted from
> that specific server's IP, so one cannot grab a key from a given
> system and use it to connect from somewhere else.
>
> Finally, all other authentication methods are disabled, making these
> keys the only way to get in.
>
> To me, this is the best of both worlds, since it limits the damage
> that cracking any one key can do. It applies IP-based restrictions
> that are actually stricter than just a general "can only SSH from
> these IPs" rule, and it still allows me to connect from anywhere in
> the case of a problem.
>
> Note that I actually use one key per client-server combo, meaning that
> system A uses one key to connect to system B, and another key to
> connect to system C. So every system has a list of inbound and
> outbound keys, and the effect of losing or compromising a single key
> is very minimal. Of course, this can get a little tricky to manage,
> so I've written some hacky programs and makefiles to get it all to
> work. You could probably reap only slightly smaller security benefits
> by just having one key per client system.

Presumably these keys have passphrases.

--
Dan Langille : Software Developer looking for work
my resume: http://www.freebsddiary.org/dan_langille.php
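An added example, not part of either poster's message: a Python check over an OpenSSH `authorized_keys` file for the scheme described in the quoted text, assuming the per-source restriction is expressed with the `from=` key option. The sample file, the key comments used as names and the `unrestricted` allow-list for the one roaming workstation key are constructed for illustration.

```python
import re

KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")  # prefixes of public key type names
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)

def split_entry(line):
    """Return (options, comment) for one authorized_keys line."""
    i, quoted = 0, False
    if not line.startswith(KEY_TYPES):
        # The options field ends at the first whitespace outside double quotes.
        while i < len(line) and (quoted or not line[i].isspace()):
            if line[i] == '"' and line[i - 1:i] != "\\":
                quoted = not quoted
            i += 1
    fields = line[i:].split(None, 2)  # key type, base64 blob, optional comment
    return line[:i], fields[2] if len(fields) > 2 else ""

def audit(text, unrestricted=()):
    """Return (line_no, comment, problem) for keys not pinned to a fixed source."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        options, comment = split_entry(line)
        m = FROM_RE.search(options)
        if m is None:
            # Assumption: keys allowed from anywhere are identified by comment.
            if comment not in unrestricted:
                findings.append((n, comment, "no from= restriction"))
        elif any(c in m.group(1) for c in "*?"):
            findings.append((n, comment, "wildcard in from= pattern"))
    return findings

# Constructed sample; key material is shortened to placeholders.
SAMPLE = '''\
# inbound keys for serverB
ssh-ed25519 AAAAC3placeholderA admin@secure-workstation
from="192.0.2.10" ssh-ed25519 AAAAC3placeholderB serverA-to-serverB
from="192.0.2.20",no-pty,command="/usr/local/bin/backup --mode full" ssh-rsa AAAAB3placeholderC serverC-to-serverB
ssh-rsa AAAAB3placeholderD serverD-to-serverB
from="*.example.net" ssh-ed25519 AAAAC3placeholderE serverE-to-serverB
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE, unrestricted={"admin@secure-workstation"}):
        print(finding)
```

Key comments are free text, so an allow-list keyed on them is only as trustworthy as whoever writes the file; matching on the key blob or its fingerprint is the stricter choice.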