Re: Enabling remote ssh access

From: Jose Maria Lopez Hernandez (jkerouac_at_bgsec.com)
Date: 03/29/05

    Date: Tue, 29 Mar 2005 11:11:33 +0200
    
    

    Troy Piggins wrote:
    > * Dr. Oz wrote:
    >
    >>I am working on a Linux network that was set-up by someone else and I
    >>need help enabling remote SSH access.
    >>
    >>Here's what I've done so far, but to no avail.
    >>
    >>iptables -A INPUT -p udp --sport 22 -j ACCEPT
    >
    >
    > Shouldn't that be:
    >
    > iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

    I think the -m tcp is not needed.
    And he also has to use the RELATED and ESTABLISHED
    rules for the outgoing traffic. Something like:
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    >
    >>and I've added the following to the hosts.allow file:
    >>
    >>ALL:ALL
    >>sshd:ALL
    >
    >
    > Note -------+ (not ssh_config)
    >             V
    > /etc/ssh/sshd_config add these lines :
    >
    > PermitRootLogin no
    > AllowUsers troy
    >
    > If you don't have strong passwords, you should look at public key auth
    > too.

    Regards.

    -- 
    Jose Maria Lopez Hernandez
    Director Tecnico de bgSEC
    jkerouac@bgsec.com
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    http://www.bgsec.com
    ESPAÑA
    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
                     -- Jack Kerouac, "On the Road"
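
The rule problems raised in this thread (UDP instead of TCP, --sport instead of --dport, no rule for the reply traffic) can be checked mechanically. The following is an added example, not part of the original messages: a shell function with the hypothetical name lint_ssh_rules that reads iptables command lines as text and never runs iptables. It assumes one rule per line written with -A or -P as in the thread; the rule in the here-document is constructed sample input.

```shell
#!/bin/sh
# Added example (not from the thread): lint "iptables ..." command lines for
# the SSH mistakes discussed above. It only reads text; it never runs iptables.

# has_opt RULE OPT VALUE: true if "OPT VALUE" appear as adjacent words in RULE.
has_opt() {
    case " $1 " in
        *" $2 $3 "*) return 0 ;;
    esac
    return 1
}

# lint_ssh_rules (hypothetical name): read rules on stdin, print findings,
# return 0 only if inbound SSH is accepted and the replies can leave again.
lint_ssh_rules() {
    in_ok=0 out_ok=0
    while IFS= read -r rule; do
        case "$rule" in
            *"-A INPUT "*)
                if has_opt "$rule" -p udp && { has_opt "$rule" --dport 22 || has_opt "$rule" --sport 22; }; then
                    echo "WARN: SSH runs over TCP, not UDP: $rule"
                fi
                if has_opt "$rule" --sport 22; then
                    echo "WARN: --sport matches the client's source port; inbound SSH needs --dport 22: $rule"
                fi
                if has_opt "$rule" -p tcp && has_opt "$rule" --dport 22 && has_opt "$rule" -j ACCEPT; then
                    in_ok=1
                fi ;;
            *"-A OUTPUT "*)
                case "$rule" in
                    *"--state "*ESTABLISHED*|*"--ctstate "*ESTABLISHED*)
                        has_opt "$rule" -j ACCEPT && out_ok=1 ;;
                esac ;;
            *"-P OUTPUT ACCEPT"*)
                out_ok=1 ;;   # a permissive OUTPUT policy already lets replies out
        esac
    done
    [ "$in_ok" -eq 1 ] || echo "FAIL: no INPUT rule accepts tcp --dport 22"
    [ "$out_ok" -eq 1 ] || echo "FAIL: nothing lets ESTABLISHED replies out through OUTPUT"
    [ "$in_ok" -eq 1 ] && [ "$out_ok" -eq 1 ]
}

# Constructed sample input: the rule from the original question, on its own.
lint_ssh_rules <<'EOF' || true
iptables -A INPUT -p udp --sport 22 -j ACCEPT
EOF
```
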
    
