[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Port Knocking on openBSD?
Greg Thomas wrote:
> Scenario: I need to be able to SSH into a box from anywhere in the world but not very often, a new exploit of SSH comes out. What's the better solution than port knocking to protect yourself from the exploit?
Same as the answer to "What's the protection if your port knocking
system has an exploit?"
> Just curious as it's interesting to think this stuff through and I'm not very knowledgable here.
One idea: have one box you keep "safe" and up to date and able to fix
quickly. New SSH exploit comes out, you fix that box first. Your
other systems are filtered to only accept ssh traffic from that one
box (actually, for redundancy purposes, have TWO boxes on totally
different locations/service providers)
Out at a random location? ssh into your "hub" machine, then from
there to the remote system you need to maintain.