Quote:
Originally Posted by keithlybsd
I prefer to only use ssh keys for login and not allow user/pass.
|
Just so you know you can use ssh key with passphrase
The followings configuration I would implement to secure ssh access and I think they are quite elegant:
- VPN
- No direct ssh access from internet. To access the server, all the ssh traffic is tunnelled (the only limitation with my current tunnelling application, hts & htc is it cant accept multiple tunneling connections. Anyone know the alternative one that can do this?
)
- Port knocking