2010/1/1 J65nko <[email protected]> > After some posts a discussion on the freebsd-table mailing list goes into > several approaches to deal with these SSH probes. > > See > http://lists.freebsd.org/pipermail/freebsd-stable/2009-December/053326.html > > You still could allow outgoing ssh traffic on port 22 and allow > incoming SSH on another port. > > Adriaan > _______________________________________________ > [email protected] mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > [email protected]" >
one thing i have done in the past is severly lock down ssh to a small set of ips with pf. I then ran openvpn to allow me to access from random places, and left the acl on that fairly loose. Everything was also based on keys and certs. Another way to do it is purchase a cheap shell somewhere, and use it to bounce off to get to your box. Your machine can then be acl'ed up well. Make sure to use agent forwarding though just in case anyone is running key logging etc on the remote shell _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[email protected]"
