You are not logged in.

Pages: 1

#1 2010-08-10 10:12:59

dtw
Forum Fellow
From: UK
Registered: 2004-08-03
Posts: 4,439
Website

SSH from a phone

I occasionally like to ssh into my machine from my phone.

However, obviously I use hosts.* to restrict access to sshd and the IP address I am connecting from (on my phone) changes all the time.

Since I don't think that adding all the possible addresses my phone ISP uses to hosts.allow is a good idea, does anyone have any alternatives?

Offline

#2 2010-08-10 10:19:12

hcjl
Member
From: berlin
Registered: 2007-06-29
Posts: 330

Re: SSH from a phone

if your ip address changes with every login, restrictions in hosts.allow are not an applicable solution. on my hosts i use denyhosts or fail2ban for protection. both are in the repositories.

Offline

#3 2010-08-10 10:56:44

Foucault
Member
From: Athens, Greece
Registered: 2010-04-06
Posts: 214

Re: SSH from a phone

Denyhosts is a safe bet. It will blacklist IPs after consecutive failed attempts to login. There is a nice guide in the wiki. Also, strengthening the SSH daemon settings is recommended as well (changing the port, disabling root login, disallowing X forwarding, reducing MaxAuthTries, tuning MaxStartups etc). Of course the ultimate SSH protection is via the use of keys but I doubt this would be applicable for a mobile phone.

AUR packagesgithub

Offline

#4 2010-08-10 11:10:50

mikesd
Member
From: Australia
Registered: 2008-02-01
Posts: 788
Website

Re: SSH from a phone

I use something similar to DenyHosts with rules in iptables. It's enough for me in combination with only allowing key based logins.

You could look at Single Packet Authentication. This would allow you to keep your SSH port closed most of the time and only open it to a single IP address when required by a ping packet with a signed/encrypted payload. It's similar to port knocking but is not susceptible to replay attacks.

[ twitter | blog | configs ]

Offline

#5 2010-08-10 15:13:14

firecat53
Member
From: Lake Stevens, WA, USA
Registered: 2007-05-14
Posts: 1,542
Website

Re: SSH from a phone

I don't know what kind of phone you have, but if you're using Android, the application 'Connectbot' supports the use of keys...and it's free smile

Scott

Github

Offline

#6 2010-08-11 16:32:38

dtw
Forum Fellow
From: UK
Registered: 2004-08-03
Posts: 4,439
Website

Re: SSH from a phone

firecat53 wrote:

I don't know what kind of phone you have, but if you're using Android, the application 'Connectbot' supports the use of keys...and it's free smile

Scott

Good call, dude!  Keys!  How could I forget keys?!

And I'll look into DenyHosts too - makes sense to protect against the most likely attack!

Thanks everyone for your suggestions!

Extra exclamation mark!

Last edited by dtw (2010-08-11 16:33:55)

Offline

#7 2010-08-12 16:25:52

idosh
Member
Registered: 2008-11-07
Posts: 42

Re: SSH from a phone

I use PuTTY on my Symbian S60 Edition 5 with keys and passphrase and it works flawlessly! (In case you don't have an Android that is...)

Offline

#8 2010-08-15 14:57:15

valium97582
Member
Registered: 2010-06-19
Posts: 126

Re: SSH from a phone

Well, the hacked phrak thread has good ideas too.

I'm also known as zmv on IRC.

Offline

Pages: 1

Board footer

Powered by FluxBB