<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Mar 5, 2014 at 10:31 AM, Michael T. Dean <span dir="ltr"><<a href="mailto:mtdean@thirdcontact.com" target="_blank">mtdean@thirdcontact.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="">On 03/05/2014 01:17 PM, Karl Newman wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
I really love the idea of this, but I wish it were incorporated into every SSH client (PuTTY would be awesome). If you want to access your server from a device you don't own/control, it's easier to find a client with SSH installed than to find one with SSH plus SPA/FWKNOP.<br>
</blockquote>
<br></div>
BYOC. Assuming you can connect your phone to the network, you can use it to issue a request, which will open the port for SSH from the network (assuming NAT'ed network). Or, fix the "dumbed down" client app available on, e.g. Android, to let you type in an "allow IP" address (rather than just selecting one from a drop-down of addresses on the client system), then use your phone's client and network to send a request for the device/network you don't own/control.<br>
<br>
Anyway, my btmp is really happy with fwknop/SPA (and having seen how many miscreants are attempting SSH login on systems--even on non-standard ports--I feel much better not leaving an SSH port open on my network).<br>
<br>
Mike<br></blockquote></div><br></div><div class="gmail_extra">Now that I actually own a real smartphone that may be an option. Up to now I've been using fail2ban to block IPs based on failed login attempts and it works reasonably well, but SPA would definitely be an improvement in security. I do still want public port 80 (and 443) access, though, because I host my photo gallery. I guess I don't worry too much about the server getting compromised because it's primarily a myth box anyway, and it's just TV... I do make nightly backups of the important stuff (photos mainly...).<br>
<br></div><div class="gmail_extra">Karl<br></div></div>