[rescue] SGI fw_sshd and security

Sheldon T. Hall shel at cmhcsys.com
Fri Mar 5 11:33:41 CST 2004

 Kevin Loch says ...
> Sheldon T. Hall wrote:
> >
> > Maybe I will follow through on my plan and implement a system
> > that lets me turn sshd on and off remotely....
> Does ssh need to be accessible to the entire Internet, or would
> some small subset do?
> For example, if you know you won't be ssh'ing from APNIC
> or RIPE address space, you might want to filter that.
> Better yet, only allow specific addresses/networks
> you know you will be sshing from.

In any case, I'd certainly like to restrict the IP addresses from whic I'll
accept connections, as there are certain parts of the world I'd prefer _had_
no IP addresses, since all I get from there is crap.

So ... how do I do this?


More information about the rescue mailing list