Re: SSH security

From: Bryan Paxton (evil7@deadhorse.net)
Date: 10/19/01


Subject: Re: SSH security
From: Bryan Paxton <evil7@deadhorse.net>
To: Brian Clifton <brian@omegadm.co.uk>
Date: 19 Oct 2001 11:17:43 -0500
Message-Id: <1003508263.25294.7.camel@sQa.deadhorse.net>

On Fri, 2001-10-19 at 08:57, Brian Clifton wrote:
> Does anyone know how to restrict ssh login access to certain IPs??
> e.g. like host.allow does? I have found unauthorised attempts trying
> to log in via ssh in var/logs/secure..

Well, you could run sshd out of inetd, and use tcp_wrappers (I only
recommend tcp wrappers when it is a must situation).
But I would recommend filtering at the kernel level (ipchains,
netfilter, etc...).
The best approach would be to set up a ruleset that states the hosts
that are allowed to contact your box on port 22, then to deny all
other traffic inbound for port 22 on your box.

Cheers
 

-- 
Bryan Paxton
Public PGP key: http://www.deadhorse.net/evil7.gpg
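
The ruleset described in the reply above, sketched for netfilter/iptables as an added example that is not part of the original message: the script validates an allowlist and prints the commands that accept port 22 from those sources and drop everything else. The chain name SSH_IN and the addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. SSH_IN is a hypothetical chain name; the addresses are
# constructed (RFC 5737 documentation ranges). IPv4 only.

# valid_src ADDR: succeed only for a.b.c.d or a.b.c.d/len in plain decimal.
valid_src() {
    addr=${1%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty octets, more than 3 digits, and leading zeros
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# ssh_allow_rules SRC...: print iptables commands for the allowlist.
# Prints nothing and fails if the list is empty or any entry is invalid,
# so a typo cannot produce a ruleset that locks every host out.
ssh_allow_rules() {
    [ $# -gt 0 ] || { echo "refusing: empty allowlist" >&2; return 1; }
    for src in "$@"; do
        valid_src "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_IN"
    for src in "$@"; do
        echo "iptables -A SSH_IN -s $src -j ACCEPT"
    done
    echo "iptables -A SSH_IN -j DROP"
    # Hook the chain into INPUT last, once it is fully populated.
    echo "iptables -A INPUT -p tcp --dport 22 -j SSH_IN"
}

# Constructed sample allowlist: one host and one /24.
ssh_allow_rules 192.0.2.10 198.51.100.0/24
```

The commands are printed rather than executed so the ruleset can be reviewed before it is applied as root. Because `-A` appends, an earlier INPUT rule that already accepts port 22 would still match first.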
