I know you said you only want 443 open, but have you considered a port knocker to only open up ssh when you need it?

-M

On Fri, Aug 7, 2009 at 9:44 AM, Shawn Badger <badger.shawn@gmail.com> wrote:
As for the security on this, it is my intentions to first prevent browsing to the page. You will have to know the URL and then you get a password to connect to the page. Then this will be baked by iptalbes limiting who has access to get to that URL in the first place. I know this isn't 100% effective, but it should keep the kiddies at bay.

BTW, this isn't going to be a public addressable site either.  I would not put something like this out and make it public accessible, that is just asking for being hacked.




On Thu, Aug 6, 2009 at 4:54 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
I can offer my services to help you clean out the vermin later!

If they can't protect OpenSSL based SSH, even with a layer of
IPTABLES, how are you going to protect a system suid process?

Laugh <I agree with Ted here>.

On 8/6/09, Stephen <cryptworks@gmail.com> wrote:
> also there is a wikepedia article if you google web ssh or jsut browse
> them, they appeared to have a few options.
>
> On Thu, Aug 6, 2009 at 4:31 PM, Shawn Badger<badger.shawn@gmail.com> wrote:
>> That is more like what I ma looking for.
>>
>>
>> On Thu, Aug 6, 2009 at 4:19 PM, David Huerta <huertanix@gmail.com> wrote:
>>>
>>> On Thu, Aug 6, 2009 at 4:04 PM, Shawn Badger<badger.shawn@gmail.com>
>>> wrote:
>>> > Does any on the list know of a good web based ssh client?
>>> > I would prefer it to run on my own system as opposed to going though
>>> > one
>>> > that I don't have control over.
>>> > It would also be nice if it was able to pass x-windows as well all
>>> > though
>>> > that isn't a requirement.
>>> >
>>>
>>> This won't do X11 forwarding, but for general command line usage, this
>>> AJAX web app seems to work: http://anyterm.org/
>>>
>>> --
>>> [.dh]
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>


--
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss