I say if you can enforce key-based authentication that is the way to go. -Daniel
On Fri, Mar 28, 2008 at 9:12 PM, Dave Smith <[EMAIL PROTECTED]> wrote: > In the past, I have used /etc/hosts.[deny|allow] to secure my SSH server > by restricting access to a limited number of IP addresses. This has > worked very well for me over the past 3 or 4 years, but now I need to > allow access to a non-enumerable set of client IP addresses, so I am > considering alternate methods. The first method on my list is to require > key-based authentication (no passwords). Secondly, I'm thinking about > using an alternate port (ie, 2222 instead of 22) simply to ward off > automated botnet logins. > > Does anyone see a problem with this? Any other ideas? > > Thanks in advance! > > --Dave > > /* > PLUG: http://plug.org, #utah on irc.freenode.net > Unsubscribe: http://plug.org/mailman/options/plug > Don't fear the penguin. > */ > /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
