
RE: question about SSH / IPTABLES



You can
1. Remove the users' access to the ssh program
(e.g. change ownership and rights of /usr/bin/ssh and create an "ssh" group for
allowed outgoing ssh users).
2. Mount /home, /tmp and any other place users might have write access to
with the "noexec" switch, so they can only use binaries installed (and
allowed to them) on the system.

You may also want to prevent users from running other programs such as telnet,
ping, nc, traceroute and so many others...

Vincent
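The two measures above as checkable shell functions, added here as an example and not code from the thread: a world-execute check for the client binaries, the chgrp/chmod step, and a parser for /proc/mounts-style lines that reports whether a mount point carries noexec. The group name "sshusers" and the dpkg-statoverride usage in the comment are assumptions about a Debian system.

```shell
#!/bin/sh
# Added example, not from the thread. Group name "sshusers" is an assumption.

# world_executable FILE: succeeds when the "other" execute bit (001) is set,
# i.e. any local user can run the client no matter what iptables blocks.
world_executable() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -001 -print 2>/dev/null)" ]
}

# restrict_to_group FILE GROUP: executable only by the owner and GROUP.
# Mode 0750 also clears any setuid/setgid bit the package may have set.
restrict_to_group() {
    chgrp "$2" "$1" && chmod 0750 "$1"
}

# mount_has_noexec MOUNTS_FILE MOUNTPOINT: reads /proc/mounts-style lines
# ("device mountpoint fstype options dump pass") and succeeds only if
# MOUNTPOINT has the noexec option, so files written there cannot be run.
mount_has_noexec() {
    awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); for (i = 1; i <= n; i++) if (o[i] == "noexec") found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# audit_clients FILE...: prints each listed client that exists and is still
# world-executable. Always returns 0 so it is safe under "set -e".
audit_clients() {
    for f in "$@"; do
        if world_executable "$f"; then echo "$f"; fi
    done
    return 0
}

# Typical use as root on Debian (assumed commands, not from the thread). The
# statoverride keeps the mode across package upgrades, which would otherwise
# restore the packaged ownership and permissions:
#   groupadd sshusers
#   dpkg-statoverride --update --add root sshusers 0750 /usr/bin/ssh
#   usermod -aG sshusers alice
# Then add "noexec" to the /home and /tmp entries in /etc/fstab and remount.

# Unprivileged audit of the clients named in the reply:
audit_clients /usr/bin/ssh /usr/bin/telnet /usr/bin/nc /usr/bin/ping /usr/bin/traceroute
for mp in /home /tmp; do
    if [ -r /proc/mounts ] && ! mount_has_noexec /proc/mounts "$mp"; then
        echo "$mp is not mounted noexec"
    fi
done
```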




> -----Original Message-----
> From: Iñaki Martínez [mailto:debian@euskal-linux.org]
> Sent: Thursday 23 January 2003 13:18
> To: Charl Matthee
> Cc: debian-security@lists.debian.org
> Subject: Re: question about SSH / IPTABLES
> 
> 
> Hello Charl Matthee!!!
> 
> > If you want to use iptables then allow incoming ssh requests from the
> > relevant hosts and disallow outgoing ssh requests from the server:
> > 
> > iptables -A OUTPUT -j REJECT -p tcp --destination-port 22
> 
>  But if the client jumps to another port????
> 
>  $ ssh -p 25 remote_ip
> 
> 
>  I think there is no COMPLETE solution........
> 
> 
>  Thanks....
> 
> 
> 