RE: ssh alternatives

From: Steven Jones (Steven.Jones_at_vuw.ac.nz)
Date: 09/21/05

    Date: Wed, 21 Sep 2005 16:35:17 +1200
    To: <greg.golin@gmail.com>, "General Red Hat Linux discussion list" <redhat-list@redhat.com>

    You can run ssh on 2 different ports and block one interface totally
    with iptables.

    Regards

    Thing

    -----Original Message-----
    From: Greg Golin [mailto:greg.golin@gmail.com]
    Sent: Wednesday, 21 September 2005 4:30 p.m.
    To: General Red Hat Linux discussion list
    Subject: Re: ssh alternatives

    Thanks, Thing.

    I use AllowUsers -- that's a great directive.

    I wonder if it's possible to run sshd on two different ports on
    separate interfaces..

    GG

    On 9/20/05, Steven Jones <Steven.Jones@vuw.ac.nz> wrote:
    > We run ssh on a non-standard port and have no issues with scripts....
    >
    > Anyway options we use,
    >
    > 1) Non-standard ssh port
    >
    > 2) IPtables ruleset to limit ssh connections from known subnets or IPs.
    >
    > 3) Add config to sshd_config to only allow ssh connection from certain
    > users,
    >
    > Eg.,
    >
    > AllowUsers me you
    >
    > Tcpwrappers is also an option.
    >
    > We also run iptables to block on other ports eg 80, to our class B
    >
    > Regards
    >
    > Thing
    >
    >
    > -----Original Message-----
    > From: Greg Golin [mailto:greg.golin@gmail.com]
    > Sent: Wednesday, 21 September 2005 3:46 p.m.
    > To: redhat-list@redhat.com
    > Subject: ssh alternatives
    >
    > Following a discussion on slashdot I would like to ask this list's
    > opinion on providing remote access in general and ssh vs other
    > solutions in particular.
    >
    > So here's the deal. I know most sshd brute force attempts shall be
    > thwarted by running the daemon on a different port. However, many
    > existing scripts -- too many to change all of them -- rely on default
    > ssh configuration. At the same time, my devs require constant remote
    > access to the servers.
    >
    > I am currently considering disabling ssh on external interfaces and
    > installing openswan.
    >
    > What is your opinion on this issue?
    >
    > Thanks.
    > G
    >
    > --
    > redhat-list mailing list
    > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    > https://www.redhat.com/mailman/listinfo/redhat-list
    >

    -- 
    redhat-list mailing list
    unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
    https://www.redhat.com/mailman/listinfo/redhat-list
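The setup the thread converges on, sshd listening on port 22 on the internal interface (so existing scripts keep working) and on a different port on the external interface, with iptables limiting the external port to known subnets and AllowUsers restricting accounts, as an added shell example. This is not code from the thread or from the redhat-list; the interface name, addresses and subnets are constructed placeholders, and the first function only expands Port/ListenAddress lines into sockets the way sshd(8) documents (an unqualified ListenAddress takes every Port declared before it; IPv4 and hostnames only here).

```shell
#!/bin/sh
# Added example. Addresses are constructed placeholders:
# 10.0.0.5 = internal interface, 203.0.113.5 = external interface.
SSHD_CONFIG_EXAMPLE='# sshd_config fragment: port 22 stays on the inside only
ListenAddress 10.0.0.5:22
ListenAddress 203.0.113.5:2222
AllowUsers me you
'

# Expand Port / ListenAddress directives into the addr:port sockets sshd opens.
# stdin: sshd_config text; stdout: one "addr:port" per line.
# A ListenAddress with its own :port is taken as-is; one without a port is
# paired with every Port directive (default 22 when none is given), which is
# why sshd requires Port lines to precede unqualified ListenAddress lines.
sshd_listeners() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }
        tolower($1) == "port" { ports[np++] = $2; next }
        tolower($1) == "listenaddress" {
            if ($2 ~ /:[0-9]+$/) { print $2 } else { addrs[na++] = $2 }
            next
        }
        END {
            if (np == 0) { ports[np++] = 22 }
            for (i = 0; i < na; i++)
                for (j = 0; j < np; j++)
                    print addrs[i] ":" ports[j]
        }
    '
}

# Print (not run) an iptables ruleset that accepts new ssh connections on the
# external interface only from the listed source subnets and drops the rest.
# $1 = external interface, $2 = external ssh port, $3.. = allowed CIDRs.
ssh_firewall_rules() {
    iface=$1; port=$2; shift 2
    for net in "$@"; do
        echo "iptables -A INPUT -i $iface -p tcp --dport $port -s $net -m state --state NEW -j ACCEPT"
    done
    echo "iptables -A INPUT -i $iface -p tcp --dport $port -j DROP"
}

echo "sshd listeners from the example config:"
printf '%s' "$SSHD_CONFIG_EXAMPLE" | sshd_listeners
echo "firewall rules for the external port (constructed subnets):"
ssh_firewall_rules eth0 2222 192.0.2.0/24 198.51.100.0/24
```

The rules are only printed so the script can be reviewed before anything is applied; since the internal listener never binds the external address, port 22 is simply not reachable from outside even without a firewall rule, and the iptables DROP on the external port covers the non-standard port for everyone outside the known subnets.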
