[rescue] SGI fw_sshd and security

Mike Meredith mike at blackhairy.demon.co.uk
Fri Mar 5 13:14:23 CST 2004

On Fri, 5 Mar 2004 13:37:21 -0500, Sheldon T. Hall wrote:
> How can I tell if the code was compiled with tcp_wrappers support? 
> The SGI Freeware pages don't seem to say.  Would I have to run
> tcp_wrappers to use the hosts.allow/hosts.deny facility?

Hmm ... "ldd /usr/freeware/sbin/sshd" shows that "libwrap" is a required
library, so it's included in my Freeware install. Looking at the openssh
site indicates that the SGI distributed version is vulnerable. I guess
that's another thing on my list.

> I could, of course, put another box between the SGI and the router. 
> Or should I run some firewall software on the SGI itself?

Yes you can run firewall software on the SGI. The best bet is to install


As it's a more widely used firewall than the native SGI one.

Personally, I'd say a firewalled SGI is just as secure as any other
firewalled system (except OpenBSD). With that sshd running, you've got a
potential vulnerability so you'll need to upgrade that ... most people
trying to break in won't be able to figure out that MIPS != Intel, but
some will.

More information about the rescue mailing list