Re: [suse-security] SSH password attacks
> From: Carl A. Schreiber [mailto:gooly@xxxxxx]
> Sent: Thursday, 23 September 2004 10:55
> To: suse-security@xxxxxxxx
> Subject: Re: [suse-security] SSH password attacks
> a question about a (SuSE)Firewall-Login:
> Is there a possibility (most probably) to restrict the ssh-access (user
> and root) to the firewall to certain (local) networks like 10.10.10.*?
Yes, you can filter ssh (port 22) by ipchains (SuSE-Firewall: FW_SERVICES_INT="ssh" and remove it from FW_SERVICES_EXT).
> Am I on the right way that I must change
> Here I should change
> #ListenAddress 0.0.0.0
> ListenAddress 10.10.10.0
> (with this only from the 10.10.10.0 net a user can login,
> root login is denied anyway)
The ListenAddress is the binding address of the daemon. It binds to the adapter with the given address and port - so if you use your internal address like 10.10.10.254 or whatever it only listens to ssh requests for this address. To allow requests only from certain subnets have a look at hosts.allow and hosts.deny. But it should suffice to use a firewall and bind sshd to local addresses only.
> But _only_ this?
> For me there is no need to protect from 'inside' as it is only me.
> Thanks in advance,
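Added example, not part of the original mail or of any SuSE tooling: a small Python check for the distinction drawn in the reply, that ListenAddress is the daemon's local bind address and not a filter on client networks. The sample config is constructed from the lines quoted in the question, the function names are hypothetical, and the /24 mask for 10.10.10.0 is an assumption.

```python
import ipaddress

# Constructed sample, modelled on the lines quoted in the question.
SAMPLE_SSHD_CONFIG = """\
#ListenAddress 0.0.0.0
ListenAddress 10.10.10.0
"""

def listen_addresses(config_text):
    """Return the active (uncommented) ListenAddress values, port removed."""
    values = []
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "listenaddress":
            value = parts[1]
            if value.startswith("["):            # [IPv6]:port form
                value = value[1:].split("]", 1)[0]
            elif value.count(":") == 1:          # IPv4:port form
                value = value.split(":", 1)[0]
            values.append(value)
    return values

def audit_bind(config_text, internal_net):
    """Flag ListenAddress values that do not name one internal host address."""
    net = ipaddress.ip_network(internal_net)   # assumed internal subnet
    addrs = listen_addresses(config_text)
    if not addrs:
        return ["no ListenAddress set: sshd binds to every local address"]
    findings = []
    for value in addrs:
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"{value}: host name, resolve and check by hand")
            continue
        if ip.is_unspecified:
            findings.append(f"{value}: wildcard, binds to every local address")
        elif ip not in net:
            findings.append(f"{value}: not inside {net}")
        elif net.num_addresses > 2 and ip in (net.network_address,
                                              net.broadcast_address):
            findings.append(f"{value}: network/broadcast address of {net}, "
                            "not an interface address")
    return findings

if __name__ == "__main__":
    # ListenAddress only selects the local socket; limiting client networks
    # is still the job of the firewall or hosts.allow/hosts.deny.
    for finding in audit_bind(SAMPLE_SSHD_CONFIG, "10.10.10.0/24"):
        print(finding)
```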