| From | Fritz Wuehler <fritz@spamexpire-202212.rodent.frell.theremailer.net> |
|---|---|
| Subject | Re: Guaranteeing SSH access to specific clients |
| References | <tmtf02ufi@gioia.aioe.org> |
| Message-ID | <f20b4fe9d0735323807e1b10099fc265@msgid.frell.theremailer.net> (permalink) |
| Date | 2022-12-09 04:13 +0100 |
| Newsgroups | comp.os.linux.misc |
| Organization | dizum.com - The Internet Problem Provider |
Harold Johanssen <noem...@please.net> [HJ]:

HJ> Is it possible to guarantee SSH to a specific client, to the
HJ> exclusion of all other clients?

A few ideas that you might want to explore:

Use port knocking

There is even a port knocking server out there that can be configured to listen on the same port as the SSH server; after the former is done, it gets out of the way of the latter. The client must knock on the port (execute an appropriately configured port knocking client) before connecting.

Use SSH over a VPN

This way the client will always have a fixed IP (i.e. that of their end of the VPN tunnel) and you can apply firewall rules blocking access to port 22 from all other IPs.

Use 2FA (e.g. TOTP) + SSH

The client visits a web page and is asked for a six digit number (generated by their TOTP authenticator app). The web server captures their IP address and unblocks access to the SSH server from that specific IP for the next X minutes/hours.
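The TOTP-gated unblock from the last idea, as an added Python sketch that is not part of the original post: an RFC 6238 verifier feeding a time-limited per-IP allowlist. The class name `SshGate`, the single shared secret, the replay guard and the nftables table/set names (`inet filter`, `ssh_allow`, a set created with `flags timeout`) are assumptions made for the illustration.

```python
import base64, hashlib, hmac, ipaddress, struct

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                       # dynamic truncation offset
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class SshGate:
    """Allowlist of source IPs, each opened for `ttl` seconds by a valid code."""
    def __init__(self, secret_b32, ttl=600, step=30, skew=1):
        self.secret, self.ttl, self.step, self.skew = secret_b32, ttl, step, skew
        self.expiry = {}       # ip -> Unix time at which access lapses
        self.last_step = -1    # newest time step already accepted (replay guard)

    def submit(self, ip, code, now):
        """Return True and open `ip` if `code` is valid and not yet used."""
        ip = str(ipaddress.ip_address(ip))     # ValueError on a malformed address
        cur = int(now) // self.step
        for s in range(cur - self.skew, cur + self.skew + 1):
            good = totp(self.secret, s * self.step, self.step)
            fresh = s > self.last_step         # an observed code cannot be reused
            if fresh and hmac.compare_digest(good.encode(), str(code).encode()):
                self.last_step = s
                self.expiry[ip] = now + self.ttl
                return True
        return False

    def is_allowed(self, ip, now):
        """Drop lapsed entries, then report whether `ip` may reach sshd."""
        self.expiry = {k: v for k, v in self.expiry.items() if v > now}
        return ip in self.expiry

def nft_argv(ip, ttl):
    """argv for adding an IPv4 address to the assumed set; the kernel expires it."""
    addr = ipaddress.IPv4Address(ip)
    return ["nft", "add", "element", "inet", "filter", "ssh_allow",
            "{ %s timeout %ds }" % (addr, ttl)]

if __name__ == "__main__":
    demo_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"   # RFC 6238 test key, not a real secret
    gate = SshGate(demo_secret)
    print(gate.submit("192.0.2.10", totp(demo_secret, 59), 59))   # constructed client IP
    print(" ".join(nft_argv("192.0.2.10", gate.ttl)))
```

The web handler should take the client address from the TCP connection itself rather than from a forwarded header, and should rate-limit code submissions per source.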