
Re: [suse-security] SSH password attacks



Hi,

> From: Carl A. Schreiber [mailto:gooly@xxxxxx]
> Sent: Thursday, 23 September 2004 10:55
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] SSH password attacks
>
> Hello,
>
> a question about a (SuSE)Firewall-Login:
>
> Is there a possibility (most probably) to restrict the ssh-access (user
> and root) to the firewall to certain (local) networks like 10.10.10.*?

Yes, you can filter ssh (port 22) by ipchains (SuSE-Firewall: FW_SERVICES_INT="ssh" and remove it from FW_SERVICES_EXT).

> Am I on the right way that I must change
>	/etc/ssh/sshd_config
>
> Here I should change
> 	#ListenAddress 0.0.0.0
> to
> 	ListenAddress 10.10.10.0
> (with this only from the 10.10.10.0 net a user can login,
> root login is denied anyway)

The ListenAddress is the binding address of the daemon. It binds to the adapter with the given address and port - so if you use your internal address like 10.10.10.254 or whatever it only listens to ssh requests for this address. To allow requests only from certain subnets have a look at hosts.allow and hosts.deny. But it should suffice to use a firewall and bind sshd to local addresses only.

> But _only_ this?
> For me there is no need to protect from 'inside' as it is only me.
>
> Thanks in advance,
> Carl

You're welcome,
Stefan

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here
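
The distinction drawn in the reply above, as an added example that is not part of the original message: `ListenAddress` selects the local (destination) address sshd binds to, while `hosts.allow` and `hosts.deny` filter on the client's source address. The file contents, the function names and the addresses 203.0.113.9 and 192.0.2.1 are constructed for illustration, and only an IPv4 subset of the hosts_access(5) pattern syntax is modelled.

```python
import ipaddress

# Constructed sample files (not from the original thread).
SSHD_CONFIG = "#ListenAddress 0.0.0.0\nListenAddress 10.10.10.254\n"
HOSTS_ALLOW = "sshd : 10.10.10.\n"
HOSTS_DENY = "sshd : ALL\n"

def listen_addresses(sshd_config):
    """Return ListenAddress values; no active directive means the wildcard 0.0.0.0."""
    addrs = []
    for line in sshd_config.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "listenaddress":
            addrs.append(fields[1])
    return addrs or ["0.0.0.0"]

def client_matches(pattern, src):
    """Client patterns handled here: ALL, 'a.b.c.' prefix, net/mask, exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return src.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(src) in ipaddress.ip_network(pattern, strict=False)
    return pattern == src

def rule_hit(rules, daemon, src):
    # Each rule line has the form "daemon_list : client_list".
    for line in rules.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) < 2:
            continue
        daemons = parts[0].replace(",", " ").split()
        clients = parts[1].replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and any(client_matches(c, src) for c in clients):
            return True
    return False

def connection_accepted(src, dst, sshd_config=SSHD_CONFIG, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    # Step 1: ListenAddress decides which *destination* (local) addresses have a listening socket.
    bound = listen_addresses(sshd_config)
    if "0.0.0.0" not in bound and dst not in bound:
        return False
    # Step 2: tcp_wrappers decides by *source*: hosts.allow first, then hosts.deny, otherwise allow.
    if rule_hit(allow, "sshd", src):
        return True
    return not rule_hit(deny, "sshd", src)
```

With both hosts files empty, a client from any source that can reach 10.10.10.254 is still accepted, which is why `ListenAddress` alone does not restrict who may log in. Upstream OpenSSH removed tcp_wrappers (libwrap) support in release 6.7, so on current systems the source restriction is usually placed in the firewall or in an sshd_config `Match Address` block.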