[CentOS] Securing SSH

Wed Mar 26 14:39:27 UTC 2008
Kai Schaetzl <maillists at conactive.com>

Bowie Bailey wrote on Wed, 26 Mar 2008 09:18:56 -0500:

> Use VPN to connect to your network and then ssh through the VPN tunnel
> to any machines you need to work with.  This way only the VPN is exposed
> to the Internet.

if the machines are within the LAN, yes. My original point was that if you 
have a static IP address for your local LAN *and* you want to restrict the 
*remote* machines to be ssh-connectable only from that LAN (which is a 
good security measure) *and* you are on the road you can still work on 
your remote machine by VPNing into your LAN. There are other solutions, 
but VPN is probably the easiest one as most SOHO routers should be able to 
terminate a VPN and it's likely that you want to connect to your LAN via 
VPN for other purposes, anyway. Doing that for the machines *within* your 
LAN is granted.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com