[rescue] SSH, Security and the single SGI

Shawn Wallbridge shawn at synack-hosting.com
Tue Mar 30 18:41:56 CST 2004

If the only port your router is forwarding to the Challenge is SSH, 
then turning on the other ports only weakens your security of the 
machine if they get past the router. I would still secure it as much as 
possible (layers of security), but having the other ports open, but 
firewalled is pretty normal.


On 30-Mar-04, at 10:12 AM, Sheldon T. Hall wrote:

> I have my Challenge L (IRIX 6.5.20) peeking out at the world; the only 
> port
> passed along by the DSL router/firewall is the SSH port.  I'm running 
> the
> latest SSH, and I have even that restricted by various configurational
> means.
> I expect that it's about as secure as remote access gets.
> At present, I'm not running much in the way of services on the 
> machine, but
> I'd like to move some of the stuff off my SPARCstation LX to the 
> Challenge L
> to take advantage of the Challenge's greater speed, disk capacity, 
> etc.  In
> addition, I'd like for the Challenge to serve up Xterm software and 
> act as
> the font server for the Xterms.
> So, if I enable tftp and a font server, Samba, and other stuff on the
> Challenge, am I somehow lessening its security?
> -Shel
> --
> Sheldon T. Hall
> shel at cmhc.com
> 206-780-7971 (CMHC)
> 206-842-2858 (Home)
> _______________________________________________
> rescue list - http://www.sunhelp.org/mailman/listinfo/rescue

More information about the rescue mailing list