220 xx.xx.xx.edu MultiNet FTP Server Process V5.2(16) at Thu 26-Mar-2009 8:19PM-EDT
ftp> site window-size 1073741824
200 TCP window size now 1073741824 bytes
Strangest ftp command competition, anyone?

ipset -N bofhirc iphash
iptables -m set --set bofhirc src -d bofhirc.example.org -p tcp \
-m tcp --dport 22 -j ACCEPT

adds a rule giving only IPs added to the bofhirc set access to bofhirc.example.org port 22. How IPs are added to that set is up to you (port knocking, messenger pigeon, OCR on a piece of paper held up in front of a webcam...) but involves ipset -A bofhirc <ip> at some point. And hopefully ipset -D bofhirc <ip> at some other point to revoke that access again. All without disturbing your carefully-tuned iptables config on every login.

objectClass: vpnAccessPerson

to the relevant user in LDAP. The IPs involved are private and assigned by OpenVPN, so there's no risk of aliasing for multiple users behind a NAT.
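
The grant-then-revoke cycle described above (ipset -A at login, ipset -D later), as an added example that is not part of the original post: whatever feeds addresses into the set is validated strictly before it reaches ipset, and every grant carries an expiry so revocation does not depend on someone remembering. The function names, the lease file and the dry-run default are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the post. Dry run by default: commands are printed.
# Set IPSET=ipset to apply them for real.
IPSET="${IPSET:-echo ipset}"
SET_NAME="bofhirc"                      # set name used in the post
STATE="${STATE:-./bofhirc.leases}"      # hypothetical lease file: "<expiry> <ip>"

# Strict dotted-quad IPv4 only: four octets, 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# grant <ip> <ttl-seconds> [now-epoch]: add to the set and record the expiry.
grant() {
    ip=$1 ttl=$2 now=${3:-$(date +%s)}
    valid_ipv4 "$ip" || { echo "rejected: $ip" >&2; return 1; }
    case "$ttl" in ""|*[!0-9]*) return 1 ;; esac
    $IPSET -A "$SET_NAME" "$ip" && echo "$((now + ttl)) $ip" >> "$STATE"
}

# sweep [now-epoch]: ipset -D every expired lease, keep the rest on file.
sweep() {
    now=${1:-$(date +%s)}
    [ -f "$STATE" ] || return 0
    : > "$STATE.tmp"
    while read -r exp ip; do
        if [ "$exp" -le "$now" ]; then
            $IPSET -D "$SET_NAME" "$ip"
        else
            echo "$exp $ip" >> "$STATE.tmp"
        fi
    done < "$STATE"
    mv "$STATE.tmp" "$STATE"
}
```

Run sweep from cron or a timer so leases expire even if the session that created them never logs out cleanly.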