[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Savannah-hackers-public] Re: [ #670138]

From: Jim Meyering
Subject: Re: [Savannah-hackers-public] Re: [ #670138] Dom0 upgrade
Date: Sun, 20 Feb 2011 18:16:12 +0100

Bernie Innocenti wrote:
> On Sun, 2011-02-20 at 12:13 +0100, Sylvain Beucler wrote:
>> That would be quite inconvenient.
> How about bouncing on fencepost, then?

If you're concerned enough to be restricting access to the ssh port,
routing ssh traffic through fencepost could be seen as counterproductive.
Many people have access to fencepost.

I'd go with fwknop:

i.e., keep the ssh port closed, and open it momentarily only upon
receipt of a packet whose contents is GPG signed by someone we'd let in.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]