On 3/4/21 6:00 PM, James Knott wrote:
On 2021-03-04 11:53 a.m., Adam Majer wrote:
If you want to have a quiet life for SSH admin only connections, limit to some IPv6 address unique for SSH. Then you don't have to worry about high ports. It will be quiet.
I don't know what you mean by unique for ssh but, with privacy addresses, the address used for outgoing connections is not the same as the one used for incoming. There is one consistent address, often based
Yeah, obviously you need an incoming address which is static. So, if you have some /64 assigned, then pick something in the range, assign to your interface and make it listening address for SSH-only. Privacy addresses are for outgoing connections only, though they are not really private (you are as identifiable as with current ipv4 address). And legacy programs have problems handling these addresses in the first place so people tend to turn them off. It was a nice idea but with little benefit. - Adam