Firewall security: Problems with simple Samba file share 3581

Please quote. I have seen only fuzzy generalities.

Ah good! An example!

Why restrict ssh? There's no point in restricting ssh. Nobody can log in through it without your pbuttword and-or digital key, no matter where they try from. And the whole idea is to give you access wherever you are calling from, securely.

Nobody unauthorised can log in. If you don't want somebody in particular to log in through ssh, why have you given him a pbuttword on your machine?

Why do you think that he has kept his private key secure? Or do you mean that the client must present a certificate? (normally we do not care WHERE we are logging in from! The point of ssh is to allow you to log in from unexpected places, or expected places, securely, with authetication).

No point - there's a 6 second delay anyway, and I type badly. And it helps somebody steal the pbuttword by using a fake ssh frontend that aborts the connect after stealing the pbuttword.

It worse - it does nothing. You don't want to restrict ssh entries, because the point of ssh is to allow secure entries from anywhere. You try logging in from your laptop on an internet cafe otherwise!

(I knew this would be the case - any example of a server that needs restriction is likely to be an example of a server that is prevented from doing what it is supposed to be doing; and it would do that safely, if left to itself; because that's what it is supposed to do).

Peter