On 15/06/14 11:04, Chris Green wrote:
This is just an update about my recent questions regarding how to transfer files reasonably securely (as in system security rather than confidentiality of file content) from a remote unattended system.
[SNIP]
To connect from home to the BBB I used to ssh from home to <host on the internet> and then from there, via the tunnel, to the BBB. The reason for the intermediate system is that my home firewall only allows connections from <host on the internet> and a couple of other specific IP addresses. (This is to protect my home system from long-term attacks using ssh.)
Glad you found a solution to your problem.
You mention protecting your home system from ssh attacks.
That made me think, so I just thought I'd mention: there are various articles on making ssh as secure as possible by doing various things. Highest of them is preventing root login (and limiting ssh login to specific users or groups). I presume you've done all that stuff. If not, have a google!
I used to get loads of people trying to log into my ssh server. That is, until I moved it to another port. I know "security through obscurity" isn't the best policy, but I found that I went from tens of login attempts a day to one every month or two. You may want to try this if you're not already.
You could try running Denyhosts (or poss Fail2ban). It monitors the log files for repeated failed login attempts, and if it finds any, it adds a firewall rule to block the originating IP address for a while. Every little helps.
Please forgive me if you've already got all this covered, but I thought it might be helpful to mention it just in case, or in case anyone else is interested.
Cheers Steve
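The log-watching approach described in the reply above, as an added sketch that is not part of the original thread and is not Denyhosts or Fail2ban code. The OpenSSH syslog line format, the threshold of 3 failures in 10 minutes, the one-hour block and the sample lines are all assumptions made for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_LOG = """\
Jun 15 11:00:01 home sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jun 15 11:00:04 home sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jun 15 11:00:09 home sshd[2105]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jun 15 11:02:30 home sshd[2110]: Failed password for chris from 198.51.100.20 port 51500 ssh2
Jun 15 11:03:10 home sshd[2112]: Accepted publickey for chris from 198.51.100.20 port 51502 ssh2
Jun 15 11:20:00 home sshd[2120]: Failed password for root from 192.0.2.44 port 33000 ssh2
Jun 15 11:40:00 home sshd[2125]: Failed password for root from 192.0.2.44 port 33010 ssh2
Jun 15 12:05:00 home sshd[2130]: Failed password for root from 192.0.2.44 port 33020 ssh2
"""

# Anchored at both ends: the address is read from the end of the line, so text
# inside the attempted username cannot supply the IP that gets blocked.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?.+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def find_bans(log_text, max_failures=3, window=timedelta(minutes=10),
              ban_for=timedelta(hours=1), year=2014):
    """Return {ip: block_expiry} for IPs with max_failures failures inside window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in bans and ts < bans[ip]:
            continue  # already blocked, nothing new to decide
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # forget failures older than the window
        if len(q) >= max_failures:
            bans[ip] = ts + ban_for  # this is where a firewall rule would be added
            q.clear()
    return bans

if __name__ == "__main__":
    for ip, until in find_bans(SAMPLE_LOG).items():
        print(f"block {ip} until {until:%Y-%m-%d %H:%M:%S}")
```

Only 203.0.113.7 is blocked here: the single mistyped password from 198.51.100.20 and the slow, widely spaced attempts from 192.0.2.44 stay under the threshold, which is why this kind of tool complements the sshd settings mentioned above and does not replace them.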