openssh concerns
Oliver Fromme
olli at lurza.secnetix.de
Mon Oct 12 13:42:19 UTC 2009
Daniel Roethlisberger <daniel at roe.ch> wrote:
> If your situation allows running pf, then there's an alternative
> method: bind sshd normally to port 22, but use pf to deny direct
> connections to port 22, redirecting connections to some high port
> X to port 22 using a `rdr pass' rule. You can even make
> exceptions for trusted IP address ranges which are then allowed
> to SSH in directly on port 22. That way, an unprivileged process
> will gain nothing by listening on high port X; it won't get to
> accept() any SSH connections.
Just for completeness' sake, the same can be done easily
with IPFW and "fwd" rules, of course.
Best regards
Oliver
--
Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M.
Commercial register: Munich registry court, HRA 74606, management:
secnetix Verwaltungsgesellsch. mbH, commercial register: Munich registry
court, HRB 125758, managing directors: Maik Bachmann, Olaf Erb, Ralf Gebhart
FreeBSD services, products and more: http://www.secnetix.de/bsd
"C++ is to C as Lung Cancer is to Lung."
-- Thomas Funke
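A concrete rule set for both methods discussed in this thread, the pf "rdr pass" approach quoted above and the IPFW "fwd" equivalent mentioned in the reply, as an added example that is not code from either poster. It assumes an external interface em0, a public high port 2222, a trusted range 192.0.2.0/24, sshd bound normally to all addresses on port 22, and a surrounding ruleset that already allows outbound and established traffic; all of these are hypothetical values chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread.  Generates the pf and IPFW rule
# sets for the setup described above: sshd stays on port 22, the public
# reaches it only through a redirected high port, and trusted ranges may
# still connect to 22 directly.
# Assumptions (all hypothetical): external interface em0, public high port
# 2222, trusted range 192.0.2.0/24, sshd listening on all addresses, and a
# ruleset that otherwise already allows outbound/established traffic.

EXT_IF=em0
HIGH_PORT=2222
TRUSTED=192.0.2.0/24

# pf: emit a pf.conf fragment.  'rdr pass' both translates :HIGH_PORT -> :22
# and passes the translated packet without consulting the filter rules that
# follow, so the 'block' on port 22 only affects direct connections.
pf_rules() {
    cat <<EOF
ext_if = "$EXT_IF"
ssh_port = "$HIGH_PORT"
table <ssh_trusted> const { $TRUSTED }

# Public entry point: high port X is redirected to the real sshd on port 22.
rdr pass on \$ext_if proto tcp from any to (\$ext_if) port \$ssh_port -> 127.0.0.1 port 22

# Trusted ranges may connect to port 22 directly; everyone else is blocked,
# so a rogue unprivileged listener on \$ssh_port never sees an SSH client.
pass in quick on \$ext_if proto tcp from <ssh_trusted> to (\$ext_if) port 22
block in quick on \$ext_if proto tcp from any to (\$ext_if) port 22
EOF
}

# IPFW: the same policy with 'fwd'.  Rules are first-match, so the trusted
# allow comes first, the fwd next (it terminates the search for every packet
# of the redirected flow, not just the SYN), and the deny for direct port 22
# access last.  Pass "echo" as $1 to preview the commands instead of loading.
ipfw_rules() {
    fwcmd="${1:-ipfw}"
    $fwcmd add 100 allow tcp from "$TRUSTED" to me 22 in via "$EXT_IF"
    $fwcmd add 110 fwd 127.0.0.1,22 tcp from any to me "$HIGH_PORT" in via "$EXT_IF"
    $fwcmd add 120 deny tcp from any to me 22 in via "$EXT_IF"
}
```

Preview the IPFW commands with "ipfw_rules echo" before loading them, and syntax-check the pf fragment with "pf_rules > /tmp/ssh.pf && pfctl -nf /tmp/ssh.pf". Two caveats a practitioner should keep in mind: "fwd" to a local socket needs the kernel's ipfw forwarding support (the IPFIREWALL_FORWARD kernel option on FreeBSD releases of this era), and because neither method changes what sshd binds to, an unprivileged process that grabs the high port gains nothing only as long as the firewall is actually loaded; a host that boots with the firewall disabled is back to the original situation.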
More information about the freebsd-stable mailing list