Using private-key authentication with a passphrase proved to be MUCH better. Hardly any excessive bandwidth overhead, nor serious lagging (which were the main problems when running SSH firewall rules for brute-force attack tracking and blocking. It was basically too CPU-intensive to be useful).
Regarding the key authentication, both the generation of keys and the reconfiguring of the SSH server to accept the keys were pretty straightforward. So now I'm enjoying fully secured SSHv2 sessions.
But again, I decided against utilizing some parts of my plans, like using a 256-bit AES cipher instead of the intended 448-bit Blowfish cipher, as it would be overkill with regard to the processing power available on the desktop machine I'm going to use ;P (Pentium III 1st gen., 800 MHz). From what I know, Norwegian government sections use 256-bit AES, so it will more than suffice for my uses. Less is more.
I also set up a basic, free static hostname (with wildcards) to reach my public gateway-machine, and a secondary hostname for dynamic http-forwarding to the web-server hosted on the domain.
Good luck to the ones wanting to crack these streams! ;D