I occasionally like to ssh into my machine from my phone.
However, obviously I use hosts.* to restrict access to sshd and the IP address I am connecting from (on my phone) changes all the time.
Since I don't think that adding all the possible addresses my phone ISP uses to hosts.allow is a good idea, does anyone have any alternatives?
Offline
If your IP address changes with every login, restrictions in hosts.allow are not an applicable solution. On my hosts I use denyhosts or fail2ban for protection. Both are in the repositories.
Offline
Denyhosts is a safe bet. It will blacklist IPs after consecutive failed attempts to log in. There is a nice guide in the wiki. Also, strengthening the SSH daemon settings is recommended as well (changing the port, disabling root login, disallowing X forwarding, reducing MaxAuthTries, tuning MaxStartups, etc.). Of course the ultimate SSH protection is via the use of keys but I doubt this would be applicable for a mobile phone.
Offline
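The sshd hardening items listed in the post above (port, root login, X forwarding, MaxAuthTries, MaxStartups, plus key-only logins), as an added example that is not part of the thread: a small Python audit of sshd_config text. The function names, thresholds and sample configs are constructed for illustration, and the defaults are assumed to be those of current OpenSSH.

```python
# Added example: audit sshd_config text for the hardening items listed in the post above.
# Assumed: OpenSSH's current default values, and the thresholds passed to audit().
DEFAULTS = {"permitrootlogin": "prohibit-password", "x11forwarding": "no",
            "maxauthtries": "6", "maxstartups": "10:30:100",
            "passwordauthentication": "yes"}

def effective_settings(text):
    """Global settings as sshd sees them: for each keyword the first value wins."""
    seen, ports = {}, []
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                      # blank line, comment, or bare keyword
        key, value = parts[0].lower(), parts[1].strip().strip('"').lower()
        if key == "match":                # conditional overrides follow; not audited here
            break
        if key == "port":                 # Port is the exception: it may be repeated
            ports.append(value)
        else:
            seen.setdefault(key, value)
    return {**DEFAULTS, **seen, "port": ports or ["22"]}

def audit(text, max_tries=3, max_unauth=10):
    """Return {keyword: finding} for settings weaker than the thread recommends."""
    s, out = effective_settings(text), {}
    if "22" in s["port"]:
        out["Port"] = "listening on the default port 22"
    if s["permitrootlogin"] != "no":
        out["PermitRootLogin"] = f"root login not fully disabled ({s['permitrootlogin']})"
    if s["x11forwarding"] == "yes":
        out["X11Forwarding"] = "X forwarding is allowed"
    if int(s["maxauthtries"]) > max_tries:
        out["MaxAuthTries"] = f"{s['maxauthtries']} tries per connection, want <= {max_tries}"
    if int(s["maxstartups"].split(":")[0]) > max_unauth:
        out["MaxStartups"] = f"more than {max_unauth} unauthenticated connections allowed"
    if s["passwordauthentication"] != "no":
        out["PasswordAuthentication"] = "password logins enabled; key-only not enforced"
    return out

# Constructed sample configs (not from the thread). In WEAK the second
# PermitRootLogin line is ignored because the first occurrence wins.
WEAK = "Port 22\nPermitRootLogin yes\nX11Forwarding yes\nPermitRootLogin no\n"
HARDENED = ("Port 2222\nPermitRootLogin no\nX11Forwarding no\n"
            "MaxAuthTries 3\nMaxStartups 3:50:10\nPasswordAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "no findings")
```

Settings missing from the file are judged by their defaults, which is why WEAK is flagged for MaxAuthTries and PasswordAuthentication even though it never mentions them.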
I use something similar to DenyHosts with rules in iptables. It's enough for me in combination with only allowing key based logins.
You could look at Single Packet Authentication. This would allow you to keep your SSH port closed most of the time and only open it to a single IP address when required by a ping packet with a signed/encrypted payload. It's similar to port knocking but is not susceptible to replay attacks.
Offline
I don't know what kind of phone you have, but if you're using Android, the application 'Connectbot' supports the use of keys...and it's free
Scott
Good call, dude! Keys! How could I forget keys?!
And I'll look into DenyHosts too - makes sense to protect against the most likely attack!
Thanks everyone for your suggestions!
Extra exclamation mark!
Last edited by dtw (2010-08-11 16:33:55)
Offline
I use PuTTY on my Symbian S60 Edition 5 with keys and passphrase and it works flawlessly! (In case you don't have an Android that is...)
Offline
Well, the hacked phrak thread has good ideas too.
I'm also known as zmv on IRC.
Offline