[SLL] collaborate on a dnsbl?

Russell Evans russell-evans at qwest.net
Thu May 12 14:41:03 PDT 2005


On Thu, 12 May 2005 14:01:48 -0700 (PDT)
"Chuck Wolber" <chuckw at quantumlinux.com> wrote:

> On Thu, 12 May 2005, Russell Evans wrote:
> 
> > On Thu, 12 May 2005 12:48:26 -0700 (PDT) "Chuck Wolber" 
> > <chuckw at quantumlinux.com> wrote:
> > 
> > > lately. I would love to have my servers dynamically add an
> > > iptables rule to block ssh connection attempts.
> > 
> > 
> > Why do you need ssh access from any but known hosts? (Does that
> > sentence work?) I would think on servers, you would already block
> > ssh connections from all hosts except from a trusted "management"
> > host / network.
> 
> I do block SSH from all but known hosts on nearly all of our, and our 
> customer's servers. Some servers however, have to be open in case we
> need to connect from various connection points.

Why not connect into your management host / network and then connect to
your now open servers? This would only leave the one authenticating host
open to ssh connections from anywhere.

Thank you
Russell.


