[CentOS] Securing SSH

Wed Mar 26 14:46:02 UTC 2008
Tom Brown <tom at ng23.net>

> if the machines are within the LAN, yes. My original point was that if you 
> have a static IP address for your local LAN *and* you want to restrict the 
> *remote* machines to be ssh-connectable only from that LAN (which is a 
> good security measure) *and* you are on the road you can still work on 
> your remote machine by VPNing into your LAN. There are other solutions, 
> but VPN is probably the easiest one as most SOHO routers should be able to 
> terminate a VPN and it's likely that you want to connect to your LAN via 
> VPN for other purposes, anyway. Doing that for the machines *within* your 
> LAN is granted.

openvpn is perfect for this sort of situation -