non-static IP tolerant whitelisting for SSH/FTP/etc

  • joebert
  • Sledgehammer
  • Genius
  • Joined: Feb 10, 2004
  • Posts: 13455
  • Loc: Florida

Post February 5th, 2013, 1:49 pm

I don't want the overhead of managing "bad" addresses with iptables, so I'm thinking have iptables DROP all SSH/FTP/etc traffic except for mine. Problem with doing that though, is when my IP changes I'm locked out, and if I want to log in from anywhere else I'm locked out.

So, I figured I can set up a page on the server that when accessed will log my IP address to a file, then have cron look at the file every 5 minutes and inject any IP found in that file into the INPUT chain of iptables with an ACCEPT rule for SSH.

Problem with that though, is sooner or later I'll probably have a lapse of judgement and someone will stumble onto that special IP logging page. So, I figured instead of having that page log my IP, have the page send me an email with a random URL I can visit to log my IP.

Problem with that though is, sooner or later I'll probably have a lapse of judgement and share the code that handles it with someone else and they'll have access to my random number generator, which sooner or later will get passed along.

So, I figure if I set it up to generate a random string by searching Google for results of a random word in the dictionary and hash the response, HTTP headers and all, I should get a pretty unpredictable random string.

Anyway, just thought I'd toss this out there, see if I missed anything, other than my obvious lapse of judgement here even talking about it. ;)
Strong with this one, the sudo is.
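
The cron half of the scheme above, written as an added example for this thread (it is not joebert's code). It reads the addresses the web page logged, accepts only strict IPv4 dotted quads because the file is written by the web server and so is untrusted input, and inserts one ACCEPT rule per address only when no identical rule already exists. The file path, the variable names, the `DRY_RUN` switch and the `run` argument are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: the cron side of the "log my IP,
# then let it in" scheme. Assumptions: the web page appends one address per
# line to $ALLOW_FILE; that file is writable by the web server, so every
# line is treated as untrusted input and validated before it reaches iptables.

ALLOW_FILE="${ALLOW_FILE:-/var/lib/sshallow/addresses}"   # assumed path
SSH_PORT="${SSH_PORT:-22}"
DRY_RUN="${DRY_RUN:-}"   # set to 1 to print the iptables commands instead of running them

# is_ipv4 ADDR: succeed only for a strict dotted quad with octets 0-255.
# Hostnames, CIDR ranges, IPv6 and anything containing shell metacharacters
# fail, so a planted line in the file can never become iptables arguments.
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
        case $o in 0|[1-9]*) ;; *) return 1 ;; esac   # no leading zeros (01 is octal to some tools)
    done
    return 0
}

# valid_addresses FILE: print each distinct valid address in FILE, one per
# line. Invalid lines are reported on stderr and skipped, never fixed up.
valid_addresses() {
    file=$1
    [ -r "$file" ] || return 0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -n "$line" ] || continue
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2
        fi
    done < "$file" | sort -u
}

# allow_rule ADDR: the rule specification that lets ADDR reach the SSH port.
allow_rule() {
    printf 'INPUT -s %s -p tcp --dport %s -j ACCEPT\n' "$1" "$SSH_PORT"
}

# sync_allow_rules: insert a rule for every valid address that does not
# already have one. -I puts it at the top of INPUT, ahead of the catch-all
# DROP; -C is checked first so a run every 5 minutes does not pile up duplicates.
sync_allow_rules() {
    valid_addresses "$ALLOW_FILE" | while read -r ip; do
        spec=$(allow_rule "$ip")
        # $spec is split into separate arguments on purpose; $ip is validated
        if [ -n "$DRY_RUN" ]; then
            echo "iptables -I $spec"
        elif ! iptables -C $spec 2>/dev/null; then
            iptables -I $spec
        fi
    done
}

# cron entry (assumed install path): */5 * * * * /usr/local/sbin/sshallow-sync run
if [ "${1:-}" = run ]; then
    sync_allow_rules
fi
```

Two things this deliberately does not do: it never removes rules, so an address stays whitelisted until someone deletes it by hand (an expiry column in the file would fix that), and it trusts nothing about the file beyond the syntax of each line, which is the point: whoever finds the logging page can add their own address, but cannot smuggle anything else into the firewall.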

  • Bigwebmaster
  • Site Admin
  • Joined: Dec 20, 2002
  • Posts: 8926
  • Loc: Seattle, WA & Phoenix, AZ

Post February 6th, 2013, 11:13 am

Have you considered port knocking?
Ozzu Hosting - Want your website on a fast server like Ozzu?
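
What that suggestion amounts to on a Linux host, as an added example for this thread (not Ozzu's or either poster's code): a three-port knock sequence tracked with the `recent` match of iptables, where SSH opens for a source address only after it has touched the knock ports in order. The port numbers, the timing windows, the chain name and the `DRY_RUN` switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: port knocking for SSH with iptables'
# "recent" match. Assumed values: knocks on TCP 7000, 8000, 9000 in that
# order, at most 10 s between knocks, then 30 s to open an SSH connection.
# The knock ports never answer; SSH stays dropped for everyone else.

SSH_PORT="${SSH_PORT:-22}"
KNOCK1=7000
KNOCK2=8000
KNOCK3=9000
STEP_WINDOW=10   # seconds allowed between consecutive knocks
OPEN_WINDOW=30   # seconds the SSH port stays open after the final knock
DRY_RUN="${DRY_RUN:-}"   # set to 1 to print the commands instead of running them

# knock_rules: print one iptables argument list per line, in load order.
# Each "recent" list (STAGE1..3) records source addresses; a knock is only
# counted when the previous stage was recorded within STEP_WINDOW seconds.
knock_rules() {
    # sessions already open keep flowing after the window closes
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # every new TCP connection is judged by the KNOCK chain
    echo "-N KNOCK"
    echo "-A INPUT -p tcp -m conntrack --ctstate NEW -j KNOCK"
    # a source that completed the sequence within OPEN_WINDOW may open SSH
    echo "-A KNOCK -p tcp --dport $SSH_PORT -m recent --rcheck --seconds $OPEN_WINDOW --name STAGE3 -j ACCEPT"
    # third knock counts only if the second was seen recently
    echo "-A KNOCK -p tcp --dport $KNOCK3 -m recent --rcheck --seconds $STEP_WINDOW --name STAGE2 -m recent --name STAGE3 --set -j DROP"
    # second knock counts only if the first was seen recently
    echo "-A KNOCK -p tcp --dport $KNOCK2 -m recent --rcheck --seconds $STEP_WINDOW --name STAGE1 -m recent --name STAGE2 --set -j DROP"
    # first knock starts the sequence
    echo "-A KNOCK -p tcp --dport $KNOCK1 -m recent --name STAGE1 --set -j DROP"
    # everything else, SSH included, is dropped without a reply
    echo "-A KNOCK -j DROP"
}

# load_knock_rules: apply each line with iptables, or print it under DRY_RUN.
load_knock_rules() {
    knock_rules | while read -r spec; do
        if [ -n "$DRY_RUN" ]; then
            echo "iptables $spec"
        else
            # splitting $spec into separate arguments is intended
            iptables $spec
        fi
    done
}

if [ "${1:-}" = load ]; then
    load_knock_rules
fi
```

Run it once at boot (re-running appends duplicate rules and `-N KNOCK` fails once the chain exists), and keep key-only SSH authentication behind it: the knock sequence travels in cleartext, so it hides the port from scanners but is not a secret in the cryptographic sense. A knock on a wrong port does not reset the sequence in this version; only the timeouts do.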
  • joebert
  • Sledgehammer
  • Genius
  • Joined: Feb 10, 2004
  • Posts: 13455
  • Loc: Florida

Post February 6th, 2013, 5:24 pm

I hadn't, but I like the sounds of it.

Kinda funny, I was just watching a documentary about a gambling regulator that rigged slot machines to pay jackpots when specific sequences of coins were entered.
Strong with this one, the sudo is.
  • Bigwebmaster
  • Site Admin
  • Joined: Dec 20, 2002
  • Posts: 8926
  • Loc: Seattle, WA & Phoenix, AZ

Post February 7th, 2013, 11:36 am

Interesting, did he walk away with a lot of money before being caught?

Let me know if port knocking ends up working for you :)
Ozzu Hosting - Want your website on a fast server like Ozzu?

Post Information

  • Total Posts in this topic: 4 posts
© 2011 Unmelted, LLC. Ozzu® is a registered trademark of Unmelted, LLC.