Hi all, On my phone SSH listens on all interfaces, I am not 100% sure if the default jolla setup also runs like this since I have NielDKs' openssh packages installed.
Either way this brings up the interesting question of how to limit SSH to listen only on local interfaces (USB, bluetooth and WiFi - where the last one may be network dependent). My first instinct was to change the ListenAddress, the problems with that are (from the top of my head): - One would need to list all the possible 192.168.0.0/16 addresses the phone can take for the different connection types. - There is no way to guarantee that a cellular operator won't decide for some weird reason to use 192.168.0.0/16 instead of 10.0.0.0/8 - A WiFi you connect to could have 10.0.0.0/8, 192.168.0.0/16 or even 172.16.0.0/12 and there is no telling ahead of time which address the phone will have. So this leaves an, I think, interesting question: how do we on the one hand allow SSH access while on the other hand preventing access from GSM/3G/4G? The obvious solution seems to be an iptables/nftables rule linked to the interface of cellular internet which prevents access, iptables -L shows me the phones' table is currently completely empty, which may not be the best of ideas.... Suggestions? Regards, Eli
_______________________________________________ SailfishOS.org Devel mailing list To unsubscribe, please send a mail to devel-unsubscr...@lists.sailfishos.org
