LinuxSA Mailing list archives

Index: [thread] [date] [subject] [author] [stats]

  From: Richard Russell <richard@yellowgoanna.com>
  To  : Toby Corkindale <tjcorkin@sa.pracom.com.au>
  Date: Fri, 30 Nov 2001 15:59:59 +1030

Re: SSH Security??

On Fri, Nov 30, 2001 at 03:36:45PM +1030, Toby Corkindale wrote:
> /etc/ssh/sshd_config is one, or if its compiled to use it, you can also use
> tcpwrappers (eg. hosts.allow & hosts.deny).
> 
> As well, you can use iptables (or ipchains, ipfwadm, etc) to do it, by only
> allowing connections to the ssh port via certain interfaces.
> 
> my preference is towards iptables, since this is pushing the barrier the
> closest to the data entry point.

Is there any reason why other methods should be chosen over
ipchains/iptables? (apart from when you need application-level
control, for eg in Apache etc where you may want to restrict which IP
addresses can get to certain URLs etc, but they all need to be able to
send HTTP to port 80)...

rr

-- 
Richard Russell
Yellow Goanna Pty Ltd
e: richard@yellowgoanna.com
m: +61 412 827 805
f: +61 8 8462 2362

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject

Index: [thread] [date] [subject] [author] [stats]

Return to the LinuxSA Mailing List Information Page