[rescue] SSH, Security and the single SGI
Geoffrey S. Mendelson
gsm at mendelson.com
Tue Mar 30 12:28:30 CST 2004
Sheldon T. Hall wrote:
> I have my Challenge L (IRIX 6.5.20) peeking out at the world; the only port
> passed along by the DSL router/firewall is the SSH port. I'm running the
> latest SSH, and I have even that restricted by various configurational
> So, if I enable tftp and a font server, Samba, and other stuff on the
> Challenge, am I somehow lessening its security?
Some things can be made more or less secure on the IRIX machine. For example,
SAMBA allows you to restrict your network access, and some servers allow you
to compile in TCP wrapers. These use the /etc/hosts.allow and /etc/hosts.deny
files to control their access.
You could also get a copy of RedHat's xinetd (I don't know if it will run
on IRIX or not, but it's worth looking). Xinetd replaces the usual inetd and
gives you much more configurability for security, etc.
Geoffrey S. Mendelson gsm at mendelson.com
More information about the rescue