[CentOS] Securing SSH

Wed Mar 26 14:18:56 UTC 2008
Bowie Bailey <Bowie_Bailey at BUC.com>

Kai Schaetzl wrote:
> Robert Spangler wrote on Wed, 26 Mar 2008 08:03:48 -0400:
> > If you are going to use VPN then why not setup your remote site to
> > use VPN and bypass SSH altogether then?
> There could be several reasons, for instance:
> 1. SSH is all what is necessary
> 2. it's probably easier to have *one* VPN and then be able to ssh to
> dozens of other machines instead of setting up VPN on all of them and
> running several VPN tunnels at once

Use VPN to connect to your network and then ssh through the VPN tunnel
to any machines you need to work with.  This way only the VPN is exposed
to the Internet.

> > Bottom line is if you want to be secure don't use passwords for
> > login. 
> Still doesn't stop those brute-force attacks. It just makes them
> fail. That's the point about moving port etc., not the security.

Agreed.  I have one machine on my network that exposes an ssh connection
on a non-standard port.  My logs for the last month do not show a single
failed connection attempt.