gilles at gravier.org
Mon Jan 19 10:46:07 UTC 2009
Charlie Brune wrote:
> Steve Lamb wrote:
>> Gilles Gravier wrote:
>>> Carry your key in a USB stick.
> Yes. That's what I do. Don't allow anything but public-key
> authentication. It's fast, easy and fun. I also listen on a port other
> than port 22 and only allow certain hard-to-guess users to log it.
I used to have that on port 53 (DNS) because some airport WiFi networks
which required you to pay to access the net let DNS queries out... and
did it in a sloppy manner (i.e. the firewall just allowed port 53 out
not worring about packet content, or type UDP/TCP)... They tend to clean
this up more and more... but I still have a bounce forwarding 53 to my
favorite SSH port-du-jour.
More information about the ubuntu-users