On Wednesday 26 March 2008 07:31, Kai Schaetzl wrote:
The idea of only allowing for strict ip address is good but what if you are on the move?
If you have a static IP address, this is not a problem. You VPN into your home LAN and from there to the restricted machine.
If you are going to use VPN then why not setup your remote site to use VPN and bypass SSH altogether then?
We could go on for day here with the arguments and counter-arguments. The point is everyone is going to do what they find best for them. What works for one might not for another.
Bottom line is if you want to be secure don't use passwords for login. If you must then make them as hard to crack as possible. The problem with this is people will tend to write them down if they are too hard to remember.