North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: a record?
On 11/20/05, Alexei Roudnev <[email protected]> wrote: > Other approach exists as well - SecureID on firewall. Login to firewall, > authenticate, and have dynamic access list which opens ssh for you (and > still keep ssh on port != 22). Or VPN in, or set up a tunnel of some sort. Have ssh available over the tunneled interface. Yup, lots of options available. Though, if you have a secure ssh and reasonable control of your passwords it is probably safe to leave it at port 22 rather than resorting to security by obscurity measures like running it on a higher number port or (as at least one webhost does) running it on 443, with some kind of shim listening on that port, intercepting requests to it and redirecting them to apache or sshd as appropriate.