Re: scp logged anywhere? (ftp-like logs)

• Next message: goo: "Re: scp logged anywhere? (ftp-like logs)"
• Previous message: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• In reply to: Peter Boosten: "Re: scp logged anywhere? (ftp-like logs)"
• Next in thread: goo: "Re: scp logged anywhere? (ftp-like logs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: goo <goo@q.com>
Date: Wed, 27 Mar 2002 17:27:07 -0500

Peter Boosten wrote:

>
> And even the packet analyzer won't get you anywhere :-)
>

really? I guess I've never looked at them.

So there's no way to find out what's going on at those ports at all.
That's good. I was running an ftp server and set up ipchains to drop all
packets from source IP's that I don't connect from. I didn't like the idea
of clear text passwords in ftp and I didn't want chroot'ed anonymous ftp
either becaseu that would require me to put things in those directories
before leaving home. ...so I opened up sshd ports on the firewall but I
don't like how sparse the logging is. I would like to know what's going on
so I can tell if someone has conencted without me knowing. And if they did
connect, what did they do? If all the logs show is the authenticated
connection, I really don't know much and I don't like that idea.

The best protection I have so far is I've seriously restricted the
AllowUsers in sshd config to only a few users connecting from specific IP's
or subnet/masks. And I've also added ipchains on the diskless router with
the same IP's so all packets heading to port 22 that are not coming from
those few, selected IP's are dropped and not forwarded to the lan.

and I updated ssh a little while ago when that security hole was found.

Is this about the best I can do to secure sshd?

I would like to setup kerberos authentication but I get lost as soon as I
start reading.

• Next message: goo: "Re: scp logged anywhere? (ftp-like logs)"
• Previous message: Richard Silverman: "Re: OpenSSH: which public keys are required/recommended?"
• In reply to: Peter Boosten: "Re: scp logged anywhere? (ftp-like logs)"
• Next in thread: goo: "Re: scp logged anywhere? (ftp-like logs)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: ftp-proxy (again) ... The problem turned out to be local packets not being permitted by PF to ... when ftp-proxy switched to passive mode, ... redirecting the packets destined for FTP ports. ... So now traffic from the local network destined for FTP port 21 is sent ... (comp.unix.bsd.freebsd.misc) Re: Babysitting on iptables requested :-) ... Here's the list of ports that I see probed then I take the "Probe my ... this was a friendly probe; all packets were TCP SYNs - ... SYN is a packet that is used to initiate a TCP connection. ... >> between Windows machines, so without this a Windows machine in your ... (comp.os.linux.security) Re: Political Analysis of Security Products ... > bee collected nor has any evidence of such a backdoor ever really been ... send several packets to ports on the target system. ... be used for booth sides of the security game. ... (Pen-Test) RELENG_6_3 ping and DUP packets ... duplicate packets when pinging the upgraded machine. ... <ACPI PCI bus> on pcib0 ... usb0: USB revision 1.0 ... 2 ports with 2 removable, ... (freebsd-stable) Re: ftp vs http ... >> The FTP process communicates with an FTP server program running on the ... It only knows how to send and receive packets ... >> is part of the FP server extensions. ... (microsoft.public.frontpage.client)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint