another security question

Christopher Wagner chrisw at pacaids.com
Mon Mar 11 10:01:26 PST 2002


I would pick solution A, honestly..

I believe SSH is secure enough with RSA keys that there is not much to worry
about, as long as you keep up on your updates.

- Christopher Wagner
chrisw at pacaids.com

Packaging Aids Corporation - Information Systems
P.O. Box 9144
San Rafael, CA 94912-9144
http://www.pacaids.com/
(415) 454-4868 x116


-----Original Message-----
From: augie [mailto:schwer at sonic.net]
Sent: Sunday, March 10, 2002 1:59 PM
To: talk at nblug.org
Subject: another security question


ok let's say i've got an always on connection at home, and i have a
firewall/gateway between my internal LAN, and the internet.

now suppose i am at school, and i've forgotten a file at home. luckily i
have my laptop with me, and both my gateway and the machine where the file
resides are up. what would be the best setup security wise to retrieve my
file?

Solution A:
on the laptop in a .ssh/config file tell it when connecting to the gateway
to use port 30 instead of port 22. thus limiting some direct scans on the
gateway.
then on the gateway forward all port 30 requests to the internal machine
which will be running sshd, and will only accept RSA key authentication, no
passwords.

or

Solution B:
same laptop setup as Solution A, but this time instead of forwarding port 30
just run sshd on the gateway, and again only accept RSA key authentication.
then from the gateway ssh into the internal machine, again using key
authentication.

or

Some other Solution: ...

i have reservations about both methods.
Solution A troubles me because anyone smart enough or lucky enough to just
try port 30 on the gateway would be let right in to the internal network.
in Solution B i am concerned about keeping private keys on a public machine.

thoughts fellow nblugers?
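
Both solutions in the thread rest on sshd accepting keys only, so the setting worth verifying is that no password-based method is still enabled on the machine that ends up reachable. The following is an added example, not part of the original messages: a small audit of sshd_config text that assumes upstream OpenSSH keyword names and defaults, a single file with no Include directives, and a constructed sample config.

```python
# Added example: audit sshd_config text for the key-only policy in the thread.
# keyword: (upstream OpenSSH default, value a key-only setup needs)
POLICY = {
    "passwordauthentication": ("yes", "no"),
    "kbdinteractiveauthentication": ("yes", "no"),
    "pubkeyauthentication": ("yes", "yes"),
}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample: the second PasswordAuthentication line has no effect.
SAMPLE = """\
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""


def effective_settings(config_text):
    """Return (settings, saw_match) for the global section of sshd_config."""
    settings = {key: default for key, (default, _) in POLICY.items()}
    seen, saw_match = set(), False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            saw_match = True  # Match blocks can override globals; not evaluated
            break
        # sshd uses the first value it obtains for a keyword; later ones are ignored
        if key in POLICY and key not in seen and len(parts) > 1:
            seen.add(key)
            settings[key] = parts[1].strip().lower()
    return settings, saw_match


def audit(config_text):
    """Return findings; an empty list means the global section is key-only."""
    settings, saw_match = effective_settings(config_text)
    findings = [f"{key} is {settings[key]!r}, want {want!r}"
                for key, (_, want) in POLICY.items() if settings[key] != want]
    if saw_match:
        findings.append("Match block present: review its overrides by hand")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "key-only")
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, which is the authoritative answer when Include files or Match blocks are in play.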


