> > Well thank you for that. I had planned on setting up port knocking
> > for ssh and cups but I guess I'm just as well off leaving them
> > listening on 22 and 631?
>
> Fail2Ban, though a little intensive, seems to be a decent method for
> avoiding unwanted SSH traffic while accepting trusted traffic. I have
> seen one deployment where it seems passably inconspicuous, at least.
>
> Alternately, if you run SSH on an unusual port, you're unlikely to see
> much Bot traffic. I would recommend this, if you're concerned, above
> port knocking myself -- relying on a complicated "pre-authentication"
> method rather than / in addition to a remote admin tool like SSH seems
> to be asking for problems.

Do you mean problems in the form of hassles? So you're saying ssh running on an unusual port is good enough?

> > As for printing from lpr to cups across the internet, I should be
> > encrypting that data shouldn't I? Nothing too sensitive but it sounds
> > like a good thing to do. It looks like cups can use ssl but I don't
> > see any mention of it in man lpr.
>
> SSH Tunneling and VPN come to mind too, but I must ask - what good is
> printing a physical document across the net, unless the printer is
> still only a little way away, and if so, what is it doing behind a
> public network? I am curious about this deployment.

I'd be happy to tell you more but I'm not sure what you mean. "Still only a little way away"?

- Grant
--
gentoo-user@lists.gentoo.org mailing list