csc2ya wrote:I'm already using no-ip.org, and have my router set to update my ip with them every time it changes.
It's not knowing my home ip that's the problem.
It's that if i'm connecting from a machine in another location, I never know which ip i'll be connecting from, so as I say, I cannot restrict access to just a certain range of ip's.
Ok i understand what your saying now. Connecting from internet cafe, a friends house, wireless hotspot, the parents place, ect ect. That does change the whole approach.
I did spot an app the other day while searching google for something totally unrelated though. Basically it runs on the same pc that the ssh server runs from. Basically what it does is bans any ip that tries to make a connection through ssh but fails (an example would be wrong password). You can seen the ban length as well as the trigger (how many failed attempts it allows before it issues a ban). If i manage to come across it again ill let you know. I cant for the life of me remember what it was called or what i was even searching for at the time.
Edit:I found it. Its called "fail2ban"
http://www.howtoforge.com/fail2ban_debian_etchThat howto is for debian etch. But it should also apply to ubuntu and i imagine any distro.
May also provide some extra security to change the default ssh port.
Then to connect use
- Code: Select all
ssh USER@IP -p PORT
In due time any port scanning bots are likely to find it again so this is trivial.
This may also be of interest to you
http://www.cipherdyne.com/psad/Its a portscan detector. However i cant say if it works or even how well as i have no experience with it. Just passing the info along.
Posted: Fri Jun 19, 2009 6:53 am