[rescue] SGI fw_sshd and security
Sheldon T. Hall
shel at cmhcsys.com
Fri Mar 5 12:37:21 CST 2004
Meelis Roos writes ...
> 1. If your sshd has been compiled with tcp_wrappers support, just use
> hosts.allow/hosts.deny. This seems pretty secure since the IP matching
> is done before any protocol parsing.
How can I tell if the code was compiled with tcp_wrappers support? The SGI
Freeware pages don't seem to say. Would I have to run tcp_wrappers to use
the hosts.allow/hosts.deny facility?
> 2. Use your favourite firewall rules to select which IP-s can/cannot
> access port 22 on your SGI.
Well, the "firewall" in question is a DSL router with NAT, so its
capabilities don't extend to IP-range blocking. It seems to be pretty
tight, though, as the portscan at www.grc.com shows all ports "stealthed"
except for 22, which is (at the moment) closed.
I could, of course, put another box between the SGI and the router. Or
should I run some firewall software on the SGI itself?
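
Added example (not part of the original post): a small Python model of how hosts.allow and hosts.deny are evaluated for the address-based restriction suggested in point 1, covering address patterns only. The daemon name `sshd`, the addresses and the rule text are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample rules; daemon name "sshd" and all addresses are assumptions.
HOSTS_ALLOW = """
# trusted LAN and one outside host
sshd: 192.168.1. 203.0.113.7
"""
HOSTS_DENY = """
sshd: ALL
"""

def split_list(field):
    """List elements may be separated by blanks and/or commas."""
    return field.replace(",", " ").split()

def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # any option field is ignored here
        rules.append((split_list(daemons), split_list(clients)))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # address prefix, e.g. "192.168.1."
        return addr.startswith(pattern)
    if "/" in pattern:                           # net/mask, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return pattern == addr                       # exact address

def listed(rules, daemon, addr):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in rules
    )

def access_granted(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """A hosts.allow match grants; else a hosts.deny match refuses; else grant."""
    if listed(parse(allow), daemon, addr):
        return True
    if listed(parse(deny), daemon, addr):
        return False
    return True
```

Note the final `return True`: a client that matches neither file is let in, so the allow list only restricts access when hosts.deny also carries a catch-all entry for the daemon.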