how to block brute force attacks on reverse tunnels?
Gert Doering
gert at greenie.muc.de
Fri Apr 26 02:14:49 AEST 2024
Hi,
On Thu, Apr 25, 2024 at 11:14:56AM -0400, Steve Newcomb wrote:
> For many years I've been running ssh reverse tunnels on portable Linux,
> OpenWRT, Android etc. hosts so they can be accessed from a server whose IP
> is stable (I call such a server a "nexus host").
I tend to close everything "towards the Internet", except a single SSH
port which is then set to pubkey-only.
So you'd need to login to the nexus host and jump onwards from there
("ssh -J nexus-host" :) ) - which is not what you have been asking for,
but might be easier to achieve.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany gert at greenie.muc.de
More information about the openssh-unix-dev
mailing list