Best practices for securing SSH server
Daniel Underwood
djuatdelta at gmail.com
Tue Jun 23 01:16:37 UTC 2009
On a BSD box at work (at an extremely fast connection and static IP),
I run an SSH server. I am the only person who uses the server, but I
use it from some locations that are behind a dynamic IP (so I can't
set pf rules to filter by IP). I will always, however, use the same
laptop to connect to the server. Due to the speed and location of the
connection, it's a relatively high-risk target.
What are some good practices for securing this SSH server. Is using a
stored key safer than a password in this instance? I have no
experience with port-knocking, but I'd appreciate some tips or
suggested beginning references... I welcome any and all advice.
Note: I do require X11 forwarding (not sure whether that's relevant information)
TIA,
Daniel
More information about the freebsd-questions
mailing list