[CentOS] Securing SSH

Wed Mar 26 14:18:56 UTC 2008
Bowie Bailey <Bowie_Bailey at BUC.com>

Kai Schaetzl wrote:
> Robert Spangler wrote on Wed, 26 Mar 2008 08:03:48 -0400:
> 
> > If you are going to use VPN then why not set up your remote site to
> > use VPN and bypass SSH altogether then?
> 
> There could be several reasons, for instance:
> 1. SSH is all that is necessary
> 2. it's probably easier to have *one* VPN and then be able to ssh to
> dozens of other machines instead of setting up VPN on all of them and
> running several VPN tunnels at once

Use VPN to connect to your network and then ssh through the VPN tunnel
to any machines you need to work with.  This way only the VPN is exposed
to the Internet.

> > Bottom line is if you want to be secure don't use passwords for
> > login. 
> 
> Still doesn't stop those brute-force attacks. It just makes them
> fail. That's the point about moving port etc., not the security.

Agreed.  I have one machine on my network that exposes an ssh connection
on a non-standard port.  My logs for the last month do not show a single
failed connection attempt.

-- 
Bowie
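
Added example, not part of the original message or thread: a small Python audit of an sshd_config text for the three measures discussed above (no password logins, a non-default port, sshd bound only to an internal/VPN-side address). The sample config, the address 10.8.0.1 and the function names are constructed for illustration; only the global section before any Match block is checked.

```python
import ipaddress

# Constructed sample sshd_config; 10.8.0.1 is an assumed VPN-side address.
SAMPLE_CONFIG = """\
Port 2222
ListenAddress 10.8.0.1
PasswordAuthentication no
# The next line has no effect: sshd uses the first value obtained per keyword.
passwordauthentication yes
Match User backup
    PasswordAuthentication yes
"""

def parse_global(text):
    """Map lower-cased keyword -> list of values, stopping at the first Match."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # whitespace-separated form only
        key = parts[0].lower()       # keywords are case-insensitive
        if key == "match":
            break                    # conditional overrides are out of scope
        settings.setdefault(key, []).append(parts[1] if len(parts) > 1 else "")
    return settings

def is_internal(addr):
    """True for a bare private IP address; hostnames and host:port are unknown."""
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return False
    return ip.is_private and not ip.is_unspecified

def audit(text):
    """Return findings for the global section of an sshd_config text."""
    s = parse_global(text)
    findings = []
    # Single-valued keyword: first occurrence wins, default is "yes".
    if s.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("password logins enabled")
    # Port may repeat and every listed port is opened; default is 22.
    if "22" in s.get("port", ["22"]):
        findings.append("listening on default port 22")
    # Without ListenAddress, sshd binds every local address.
    if not all(is_internal(a) for a in s.get("listenaddress", ["0.0.0.0"])):
        findings.append("sshd not restricted to an internal address")
    return findings
```
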