Quote:
Originally Posted by 18Googol2
Just so you know, you can use an ssh key with a passphrase.
The following configurations are what I would implement to secure ssh access, and I think they are quite elegant:
- VPN
- No direct ssh access from the internet. To access the server, all the ssh traffic is tunnelled (the only limitation with my current tunnelling application, hts & htc, is that it can't accept multiple tunnelling connections. Does anyone know an alternative that can do this?)
- Port knocking
You can try stone (
/usr/ports/net/stone> cat pkg-descr
Stone is a TCP/IP packet repeater in the application layer. It
repeats TCP and UDP packets from inside to outside of a firewall, or
from outside to inside.
Stone has following features:
1. Simple.
Stone's source code is only 3000 lines long (written in C
language), so you can minimize the risk of security
holes.
2. Stone supports SSL.
Using OpenSSL (http://www.openssl.org/), stone can
encrypt/decrypt packets.
3. Stone is a http proxy.
Stone can also be a tiny http proxy.
4. POP -> APOP conversion.
With stone and a mailer that does not support APOP, you can
access to an APOP server.
WWW: http://www.gcd.org/sengoku/stone/
)