Re: [security-unixtech] Re: question about SSH / IPTABLES
> > I have a server on the Internet and I want several clients to access it via
> > SSH, but I DON'T want them to be able to use SSH from that server.
> >
> > So a client can access the server via SSH, but s/he CAN NOT ssh to other
> > servers from my server...
>
In sshd_config:
AllowTcpForwarding no:
Specifies whether TCP forwarding is permitted. The default is
``yes''. Note that disabling TCP forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
--> man 5 sshd_config for OpenSSH
> If you want to use iptables then allow incoming ssh requests from the
> relevant hosts and disallow outgoing ssh request from the server:
>
> iptables -A INPUT -j ACCEPT -p tcp -s <client_ip/mask> --destination-port 22
> iptables -A INPUT -j REJECT -p tcp --destination-port 22
> iptables -A OUTPUT -j REJECT -p tcp --destination-port 22
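The quoted rules use `-A`, which appends to the end of the chain, so whether the OUTPUT rule takes effect depends on what is already loaded ahead of it. The following check is an added example, not part of the thread: the function name `ssh_egress_verdict` and the sample rule set are constructed for illustration, and only the simple matches used in the quoted rules are modelled.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -S OUTPUT` text on stdin
# and prints "blocked" or "allowed" for a new outbound TCP connection to port 22.
# First matching terminal rule wins; rules with matches not modelled here are
# printed as "review:" lines instead of being evaluated.
ssh_egress_verdict() {
    awk '
    function covers22(spec,    a, n, lo, hi) {
        n = split(spec, a, ":")
        if (n == 1) return (a[1] + 0 == 22)
        lo = a[1] + 0; hi = (a[2] == "") ? 65535 : a[2] + 0
        return (lo <= 22 && 22 <= hi)
    }
    $1 == "-P" && $2 == "OUTPUT" { policy = $3; next }
    decided || $1 != "-A" || $2 != "OUTPUT" { next }
    {
        target = ""; miss = 0; cond = 0
        neg = (index($0, " ! ") > 0)       # negated match: flag, do not evaluate
        for (i = 3; i <= NF; i++) {
            if ($i == "-j") { target = $(i + 1); break }
            else if ($i == "-p") { if ($(i + 1) != "tcp") { miss = 1 }; i++ }
            else if ($i == "-m" && $(i + 1) == "tcp") { i++ }
            else if ($i == "--dport") { if (!covers22($(i + 1))) { miss = 1 }; i++ }
            else { cond = 1 }              # -d, -o, -m owner, conntrack, ...
        }
        if (miss && !neg) next             # rule cannot match outbound SSH
        if (neg || cond || target !~ /^(ACCEPT|REJECT|DROP)$/) {
            print "review: " $0; next      # may match; needs a human look
        }
        verdict = (target == "ACCEPT") ? "allowed" : "blocked"
        decided = 1
    }
    END { print (decided ? verdict : (policy == "DROP" ? "blocked" : "allowed")) }
    '
}

# Constructed sample: the thread's OUTPUT rule appended after an existing ACCEPT.
sample_shadowed() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -p tcp -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_shadowed | ssh_egress_verdict    # prints: allowed
```

On a live host, run it as `iptables -S OUTPUT | ssh_egress_verdict`. iptables only filters IPv4, so the same check applies to `ip6tables -S OUTPUT` if the server has IPv6 connectivity.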