External SSH Access
Sometimes the MOH needs to ssh stuff to us. They connect to 184.108.40.206 and login with user jcchoy (in local /etc/passwd) Normally the line is disabled in the firewall config (listed as powerline - ssh)
External Admin SSH Access
In the event that the external VPN is down (or likely to be down) or Jim is on vacation, then I activate the line in the firewall for cartier - outside ssh Then access to cartier is via a port knocking daemon. If you connect to port 65020, then port 64020, then it activates port 65019 for ssh. After 10 seconds the port is deactivated. It also adds your IP to the allowed hosts file. You can then log in with SecurID.