
Re: [security-unixtech] Re: question about SSH / IPTABLES



> > If you want to use iptables then allow incoming ssh requests from the
> > relevant hosts and disallow outgoing ssh request from the server:
> > 
> > iptables -A OUTPUT -j REJECT -p tcp --destination-port 22
> 
>  But if the client jumps to another port????

"GatewayPorts no" in sshd_config:

Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.  By default, sshd binds remote port
forwardings to the loopback address.  This prevents other remote
hosts from connecting to forwarded ports.  GatewayPorts can be
used to specify that sshd should bind remote port forwardings to
the wildcard address, thus allowing remote hosts to connect to
forwarded ports.  The argument must be ``yes'' or ``no''.  The
default is ``no''.


>  $ ssh -p 25 remote_ip
> 
> 


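Added example, not part of the original message: the man page text quoted above says GatewayPorts decides whether sshd binds remote port forwardings to loopback or to the wildcard address, so this Python code reads sshd_config text and reports every scope where the setting is not `no`. The function names and the sample configuration are constructed for illustration; it assumes the sshd_config(5) rules that the first value obtained for a keyword wins and that Match blocks override the global section, it counts the `clientspecified` value accepted by current OpenSSH, and it does not follow Include files.

```python
import re

# Constructed sample sshd_config (not from the thread). Keywords are
# case-insensitive and the first value obtained for a keyword wins.
SAMPLE_CONFIG = """\
Port 22
gatewayports no
GatewayPorts yes
Match User tunnel
    GatewayPorts clientspecified
Match Address 192.0.2.0/24
    X11Forwarding no
"""

# "Keyword argument" or "Keyword=argument", as sshd_config(5) allows.
LINE_RE = re.compile(r"^(\w+)(?:\s*=\s*|\s+)(.*)$")


def audit_gateway_ports(config_text):
    """Return (global value, [(Match criteria, value), ...]) for GatewayPorts."""
    global_value, overrides = None, []
    match, match_set = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = None if line.startswith("#") else LINE_RE.match(line)
        if not m:
            continue  # blank line, comment, or keyword with no argument
        keyword, arg = m.group(1).lower(), m.group(2).strip().strip('"')
        if keyword == "match":
            match, match_set = arg, False  # following lines belong to this block
        elif keyword == "gatewayports":
            if match is None and global_value is None:
                global_value = arg.lower()
            elif match is not None and not match_set:
                overrides.append((match, arg.lower()))
                match_set = True
    return global_value or "no", overrides  # unset means the default, "no"


def non_loopback_scopes(config_text):
    """List the scopes where remote forwards may bind beyond loopback."""
    global_value, overrides = audit_gateway_ports(config_text)
    scopes = [("global", global_value)] if global_value != "no" else []
    return scopes + [("Match " + c, v) for c, v in overrides if v != "no"]


if __name__ == "__main__":
    print(audit_gateway_ports(SAMPLE_CONFIG))
    print(non_loopback_scopes(SAMPLE_CONFIG))
```

On a live host, `sshd -T` prints the effective configuration that sshd itself computes.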