LinuxSA Mailing list archives
From: Toby Corkindale <tjcorkin@sa.pracom.com.au>
To: Richard Russell <richard@yellowgoanna.com>
Date: Fri, 30 Nov 2001 16:04:27 +1030 (CST)
Re: SSH Security??
On Fri, 30 Nov 2001, Richard Russell wrote:
> On Fri, Nov 30, 2001 at 03:36:45PM +1030, Toby Corkindale wrote:
> > /etc/ssh/sshd_config is one, or if it's compiled to use it, you can also use
> > tcpwrappers (eg. hosts.allow & hosts.deny).
> >
> > As well, you can use iptables (or ipchains, ipfwadm, etc) to do it, by only
> > allowing connections to the ssh port via certain interfaces.
> >
> > My preference is towards iptables, since this is pushing the barrier the
> > closest to the data entry point.
>
> Is there any reason why other methods should be chosen over
> ipchains/iptables? (apart from when you need application-level
> control, for eg in Apache etc where you may want to restrict which IP
> addresses can get to certain URLs etc, but they all need to be able to
> send HTTP to port 80)...
>
> rr
Mmm... in the more complex scenarios you could find uses.
Think sendmail, which stops accepting connections once load on the system
exceeds a preset value. Or, some daemon that only allows a certain number of
connections per IP? (ftp clients for instance)
I don't know if those examples count though, since that's app level control.
TC
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
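
The three layers named in this thread, each enforcing the same "SSH only from the admin network" policy, as an added example that is not part of the original messages. The interface eth1, the 192.0.2.0/24 admin network, the listen address 192.0.2.10 and the user name admin are assumptions made for illustration.

```conf
# ---- Layer 1: packet filter (iptables-restore format) ----
# Closest to the network: packets from elsewhere never reach sshd.
# Assumption: eth1 is the internal interface, 192.0.2.0/24 the admin network.
*filter
-A INPUT -i eth1 -p tcp -s 192.0.2.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 22 -j DROP
COMMIT

# ---- Layer 2: tcpwrappers ----
# Only effective if sshd is linked against libwrap; check with:
#   ldd /usr/sbin/sshd | grep libwrap
# Upstream OpenSSH removed libwrap support in 6.7, so on current systems
# these two files may be silently ignored by sshd.
#
# /etc/hosts.allow
sshd: 192.0.2.0/255.255.255.0
#
# /etc/hosts.deny
sshd: ALL

# ---- Layer 3: /etc/ssh/sshd_config ----
# Bind only to the internal address instead of all interfaces,
# and restrict which user may log in and from which source hosts.
ListenAddress 192.0.2.10
AllowUsers admin@192.0.2.*
```

The layers fail differently: a flushed or misordered iptables chain leaves the sshd_config restrictions still in place, so keeping at least two of them is a reasonable default.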