Re: question about SSH / IPTABLES

To: debian-security@lists.debian.org
Subject: Re: question about SSH / IPTABLES
From: Daniel Kobras <kobras@tat.physik.uni-tuebingen.de>
Date: Thu, 23 Jan 2003 14:25:32 +0100
Message-id: <[🔎] 20030123132531.GA1092@neljae>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 51341B7FA34CD2119FA20008C7289B1C051C1C32@panoramix.coe.int>
References: <[🔎] 51341B7FA34CD2119FA20008C7289B1C051C1C32@panoramix.coe.int>

On Thu, Jan 23, 2003 at 01:45:47PM +0100, DEFFONTAINES Vincent wrote:
> You can
> 1. Remove the users access to the ssh program
> (eg change ownership and rights of /usr/bin/ssh and create a "ssh" group for
> allowed outgoing ssh users).
> 2. Mount /home, /tmp and any other place users might have write access on
> with the "noexec" switch, so they can only use binaries installed (and
> allowed to them) on the system.

3. Kindly ask the users not to run '/lib/ld.so.1 /usr/bin/ssh' (or any
executable they upload to /home, /tmp, or wherever).

Daniel.

Reply to:

Follow-Ups:
- Re: question about SSH / IPTABLES
  - From: Jean Christophe ANDRÉ <jean-christophe.andre@auf.org>

References:
- RE: question about SSH / IPTABLES
  - From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES@coe.int>

Prev by Date: Re: [security-unixtech] Re: question about SSH / IPTABLES
Next by Date: Re: question about SSH / IPTABLES
Previous by thread: RE: question about SSH / IPTABLES
Next by thread: Re: question about SSH / IPTABLES
Index(es):
- Date
- Thread