| 1 |
> > Well thank you for that. I had planned on setting up port knocking |
| 2 |
> > for ssh and cups but I guess I'm just as well off leaving them |
| 3 |
> > listening on 22 and 631? |
| 4 |
> |
| 5 |
> Fail2Ban, though a little intensive, seems to be a decent method for |
| 6 |
> avoiding unwanted SSH traffic while accepting trusted traffic. I have |
| 7 |
> seen one deployment where it seems passably inconspicuous, at least. |
| 8 |
> |
| 9 |
> Alternately, if you run SSH on an unusual port, you're unlikely to see |
| 10 |
> much Bot traffic. I would recommend this, if you're concerned, above |
| 11 |
> port knocking myself -- relying on a complicated "pre-authentication" |
| 12 |
> method rather than / in addition to a remote admin tool like SSH seems |
| 13 |
> to be asking for problems. |
| 14 |
|
| 15 |
Do you mean problems in the form of hassles? So you're saying ssh |
| 16 |
running on an unusual port is good enough? |
| 17 |
|
| 18 |
> > As for printing from lpr to cups across the internet, I should be |
| 19 |
> > encrypting that data shouldn't I? Nothing too sensitive but it sounds |
| 20 |
> > like a good thing to do. It looks like cups can use ssl but I don't |
| 21 |
> > see any mention of it in man lpr. |
| 22 |
> |
| 23 |
> SSH Tunneling and VPN come to mind too, but I must ask - what good is |
| 24 |
> printing a physical document across the net, unless the printer is |
| 25 |
> still only a little way away, and if so, what is it doing behind a |
| 26 |
> public network? I am curious about this deployment. |
| 27 |
|
| 28 |
I'd be happy to tell you more but I'm not sure what you mean. "Still |
| 29 |
only a little way away"? |
| 30 |
|
| 31 |
- Grant |
| 32 |
-- |
| 33 |
gentoo-user@l.g.o mailing list |
Archives