Re: sshd port config and security

To: debian-security@lists.debian.org
Subject: Re: sshd port config and security
From: Vinh Truong <vtruong@enteract.com>
Date: Fri, 6 Apr 2001 23:52:29 -0500
Message-id: <20010406235229.A7934@enteract.com>
In-reply-to: <01040703584207.00415@endymion>; from jmb@ankeo.org on Sat, Apr 07, 2001 at 03:58:42AM +0200
References: <20010406103127.A12998@enteract.com> <01040703584207.00415@endymion>

* Jean-Marc Boursot <jmb@ankeo.org> [010406 21:09]:
> They allow telnet and not ssh? Nice!

yeah, afraid of the port-forwarding capabilities in ssh.  i can see
their point but i'm just as leery of clear-text transmission.  oh, well.

> So you can turn it off.

should of thought of that myself. :)

> What about portmap? You can turn it off either and filter port 25 if 
> you have a mail daemon running. In fact, you can drop all external tcp 
> connections to ports below 1024 (except 23), and drop all SYN 
> connections to ports above 1024. You can also filter ICMP. Check 
> gShield (http://linuxmafia.org/~godot/gshield.html): it has very 
> restrictive rules.

i've already disabled portmap and mail demon too.  i guess i should look
into setting up a firewall on my debian box.  i already have iptables
installed.  just need to recompile my kernel to support it.  i just keep
thinking that it's overkill to have my hw firewall and then another
firewall set up in software on my box.

thanks for the advice,
vinh

Reply to:

Follow-Ups:
- Re: sshd port config and security
  - From: japc@co.sapo.pt

References:
- sshd port config and security
  - From: Vinh Truong <vtruong@enteract.com>
- Re: sshd port config and security
  - From: Jean-Marc Boursot <jmb@ankeo.org>

Prev by Date: Re: sshd port config and security
Next by Date: Re: sshd port config and security
Previous by thread: Re: sshd port config and security
Next by thread: Re: sshd port config and security
Index(es):
- Date
- Thread