[CentOS] Securing SSH

Wed Mar 26 14:57:57 UTC 2008
Bowie Bailey <Bowie_Bailey at BUC.com>

Kai Schaetzl wrote:
> Bowie Bailey wrote on Wed, 26 Mar 2008 09:18:56 -0500:
> 
> > Use VPN to connect to your network and then ssh through the VPN
> > tunnel to any machines you need to work with.  This way only the
> > VPN is exposed to the Internet.
> 
> If the machines are within the LAN, yes. My original point was that
> if you have a static IP address for your local LAN *and* you want to
> restrict the *remote* machines to be ssh-connectable only from that
> LAN (which is a good security measure) *and* you are on the road you
> can still work on your remote machine by VPNing into your LAN. There
> are other solutions, but VPN is probably the easiest one as most SOHO
> routers should be able to terminate a VPN and it's likely that you
> want to connect to your LAN via VPN for other purposes, anyway. Doing
> that for the machines *within* your LAN is granted.

Ok.  I was thinking of a simpler "traveling user needs access to
machines on the LAN" scenario.  :)

-- 
Bowie