Secure entry into remote systems

Tom 'Needs A Hat' Mitchell mitch48 at sbcglobal.net
Thu May 20 13:57:27 UTC 2004


On Wed, May 19, 2004 at 12:59:05PM +0800, Edward wrote:
.....
> So, I was thinking about setting up dyndns or no-ip addresses for these 
> servers, then opening up the firewall for either ssh or VPN. None of my 
> customers have a static internet address.

DynDNS costs money, small as it is, and you still have to script the
discovery of the DHCP-assigned address.  Since you have to do that
anyhow, there is no reason you cannot simply update a resource you own
via ftp, scp, email, whatever.  Heck, a simple wget from a periodic
cron job of a small special file name on your web site will log the
IP address that you need to ssh into the box.  The file does not need
to exist.

Also, knowing the IP address that each box is on, you can now do a
polite port scan as part of the service.  Check also for open mail relays.

SSH is about as secure as you can get.
SSH in as a normal user, then use a second passwd to su/sudo
what you need to do.


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.
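
The wget check-in described in the message above, seen from the web server's side, as an added example that is not part of the original post: it reads the access log and returns the most recent address each box checked in from. The `/checkin/<box>/<token>.gif` path, the box names, the secrets and `www.example.com` are assumptions made for the illustration, and the keyed token is an addition so that requests from arbitrary clients do not overwrite a box's recorded address.

```python
import hashlib
import hmac
import re

# Assumed convention (not from the post): each box's cron job runs e.g.
#   wget -q -O /dev/null https://www.example.com/checkin/<box>/<token>.gif
# with token = HMAC-SHA256(per-box secret, box name). The file need not
# exist; the 404 is still logged together with the client address.
SECRETS = {"shop-a": b"constructed-secret-a", "shop-b": b"constructed-secret-b"}

# Apache common/combined log format, restricted to check-in requests.
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /checkin/(?P<box>[\w-]+)/(?P<tok>[0-9a-f]{64})\.gif HTTP/[\d.]+" \d{3} '
)


def token(box):
    return hmac.new(SECRETS[box], box.encode(), hashlib.sha256).hexdigest()


def latest_addresses(log_lines):
    """Return {box: (ip, timestamp)} for the last valid check-in per box."""
    latest = {}
    for line in log_lines:
        m = LINE.match(line)
        if not m or m["box"] not in SECRETS:
            continue  # not a check-in, or an unknown box name
        # Anyone can request a URL on a public site, so only entries that
        # carry the box's keyed token count. Compare in constant time.
        if hmac.compare_digest(m["tok"], token(m["box"])):
            latest[m["box"]] = (m["ip"], m["ts"])  # log order is chronological
    return latest


# Constructed sample log (addresses are RFC 5737 documentation ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/May/2004:06:00:01 +0000] "GET /checkin/shop-a/%s.gif HTTP/1.0" 404 209' % token("shop-a"),
    '203.0.113.20 - - [20/May/2004:06:00:03 +0000] "GET /checkin/shop-b/%s.gif HTTP/1.0" 404 209' % token("shop-b"),
    '192.0.2.99 - - [20/May/2004:06:30:00 +0000] "GET /checkin/shop-a/%s.gif HTTP/1.0" 404 209' % ("0" * 64),
    '198.51.100.42 - - [20/May/2004:07:00:01 +0000] "GET /checkin/shop-a/%s.gif HTTP/1.0" 404 209' % token("shop-a"),
    '192.0.2.5 - - [20/May/2004:07:05:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for box, (ip, ts) in sorted(latest_addresses(SAMPLE_LOG).items()):
        print(f"{box}: ssh target {ip} (last seen {ts})")
```

The token is static, so it only holds up if the check-in URL stays private; fetching it over HTTPS keeps the path off the wire.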




