SSH and tunneling has its own problems. SSH is not stable and it can disconnect due to minor delays in network or idles. Putty doesn't have any option for re-connect. Even if a program did then you still probably had to generate keys for auto-login which in itself is very time consuming. On top of that, SSH will be yet another application opened up in the OS. Also, what about those hard SIP phones? No SSH possible from those unless you bridge them to a PC. So things are complicated with SSH... I don't think it's worth the try.
Duane's proposal is a less problematic solution. But it does introduce overhead. Higher bandwidth needed. Probably a better solution would be to install Fail2Ban and set a really high ban time for IPs that violate proper password rules and set a low tolerance for number of tries (e.g. ban if the user gets the password wrong even once). Fail2ban takes care of attacks on SIP, apache, ssh, you name it network services... that can run on linux.

-Bruce

> Date: Wed, 3 Feb 2010 09:19:24 +1000
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [on-asterisk] Secure Asterisk
>
> Ian Darwin wrote:
> > For the latter case, given that they probably have laptops and are using
> > a softphone,
> > make them SSH login, and have that login trigger an opening back for
> > their IP
> > so their SIP phone can get through your firewall.
>
> Or just VPN and encrypt everything...
>
> --
>
> Best regards,
> Duane
>
> http://www.freeauth.org - Enterprise Two Factor Authentication
> http://www.nodedb.com - Think globally, network locally
> http://www.sydneywireless.com - Telecommunications Freedom
> http://e164.org - Global Communication for the 21st Century
>
> "In the long run the pessimist may be proved right,
> but the optimist has a better time on the trip."
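The Fail2Ban policy described in the message above (ban on the first failed attempt, with a very long ban time) could be written as the following `jail.local`. This is an added example, not part of the original email. It assumes a Fail2Ban release that ships the `asterisk` and `sshd` filters; the log path, ban duration and trusted network are constructed values to adjust for the actual host.

```ini
# /etc/fail2ban/jail.local  (added example; values are assumptions)

[DEFAULT]
# Never ban these sources. With maxretry = 1 a single mistyped password
# locks the address out, so list the networks you administer from.
# 192.0.2.0/24 is a documentation range used here as a placeholder.
ignoreip = 127.0.0.1/8 ::1 192.0.2.0/24

# "Really high ban time": one week, in seconds (constructed value).
bantime = 604800

# Ban after a single failed attempt.
maxretry = 1

# Window in which failures are counted, in seconds.
findtime = 600

[asterisk]
enabled = true
filter = asterisk
# Assumed Asterisk log location; it must match logger.conf on the PBX.
logpath = /var/log/asterisk/messages

[sshd]
enabled = true
filter = sshd
```

After reloading Fail2Ban, `fail2ban-client status asterisk` lists the currently banned addresses for the SIP jail, which is the quickest way to spot a legitimate user locked out by the one-strike limit.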
