• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
SSH security question... Please comment my thoughts...
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SSH security question... Please comment my thoughts...

  • Subject: SSH security question... Please comment my thoughts...
  • From: Bernardo Hoehl <email@hidden>
  • Date: Thu, 3 Nov 2005 13:54:40 -0200
Hi List!


This might look off-topic, but as you read further I guess you will understand what I mean.

I have a Mac that works as an email server, and also is my private Mac at work.

It is running on a valid, accessible IP, working 24 hours a day, and I sometimes have to access it thru SSH (port 22) from home to copy files.

Lately I have seen in "system.log" that it has become the target of crackers who are trying to remote login. (guys from ASIA mostly)

Basically they keep on trying to login using different login names and passwords. They haven't been successful, but I must confess, they are very annoying to me.

I have "fixed" the problem, for the time being, by simply adding these rules to ipfw:

00010 allow tcp from 200.244.95.99 to any 22 in <---my home IP number
02099 deny tcp from any to any 22 in

So that I can still login from home.

I wonder that it might one day come the case that I will need to login from a Hotel location somewhere in the world, and won't be able to. So I start to think of remotely "openning ways" into my server.

Basically I would need to pass my current ip number into a script that would run add an "allow" rule to ipfw.

I thought of using a PHP script that I could access thru a web browser (this server also has apache running), and paste my current IP number in a web form, also thought of having a rule in Mail.app, so that I would send an email to myself, under some conditions would trigger the applescript that adds "allow rule". But this case would not work if Mail.app just unexpetedly quits, or simply stays hanged on a "keychain" error window.

I really would preffer an applescript solution to the problem, of course I know, that there some other ways of approaching this, simply treating it as a Firewall question. But I want to stay in applescript.

My request:


Can you guys give some ideas of how you would approach the problem? How do I remotely pass my current IP to my Mac?


Thanks!


Bernardo Höhl
Rio de Janeiro - Brazil
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Applescript-users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Follow-Ups:
    • Re: SSH security question... Please comment my thoughts...
      • From: "Steven D. Majewski" <email@hidden>
    • Re: SSH security question... Please comment my thoughts...
      • From: Emmanuel <email@hidden>
  • Prev by Date: Re: iPhoto "launch" bug?
  • Next by Date: Records
  • Previous by thread: Re: Reloading PDF-document in Preview using AppleScript
  • Next by thread: Re: SSH security question... Please comment my thoughts...
  • Index(es):
    • Date
    • Thread