On Mon, Jun 22, 2009 at 9:16 PM, Daniel Underwood <djuatde...@gmail.com>wrote:
> On a BSD box at work (at an extremely fast connection and static IP), > I run an SSH server. I am the only person who uses the server, but I > use it from some locations that are behind a dynamic IP (so I can't > set pf rules to filter by IP). I will always, however, use the same > laptop to connect to the server. Due to the speed and location of the > connection, it's a relatively high-risk target. > > What are some good practices for securing this SSH server. Is using a > stored key safer than a password in this instance? I have no > experience with port-knocking, but I'd appreciate some tips or > suggested beginning references... I welcome any and all advice. > > Note: I do require X11 forwarding (not sure whether that's relevant > information) > > TIA, > Daniel > Even though your IP is dynamic, I'd imagine you could still set pf rules to only allow SSH from certain IP ranges, which is better than nothing. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"