Can I keep the port open for sftp and close for ssh? -Garima Jain.
On Mon, Jun 20, 2016 at 10:33 PM, garima jain <[email protected]> wrote: > Thanks. Will use that. > > -Garima Jain > On Jun 20, 2016 10:31 PM, "Ashish" <[email protected]> wrote: > >> On Mon, Jun 20, 2016 at 9:43 AM, garima jain <[email protected]> >> wrote: >> > Can we use black list/whitelist feature? >> >> This is what you should use. >> >> > >> > -Garima Jain >> > On Jun 20, 2016 10:12 PM, "elijah baley" <[email protected]> wrote: >> > >> >> There are many options - depending on the actual setup: >> >> - You can move SSHD to a non-standard port on all interfaces - easy to >> do >> >> when setting up the server - just call "setPort" on the SshServer >> instance- >> >> You can bind SSHD to a specific interface (e.g., 127.0.0.1)om port 22 >> and >> >> bind SFTP to the public interface on port 22 - easy to do just call >> >> "setAddress" (or something to that effect) on the SshServer instance >> >> I could think of more exotic options - e.g. similar to sslh, using >> >> HAPROXY, etc., etc. >> >> > From: [email protected] >> >> > Date: Mon, 20 Jun 2016 12:10:26 +0530 >> >> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD >> >> > To: [email protected] >> >> > >> >> > Hi elijah, >> >> > >> >> > The requirement is to block port 22 for SSH and accept SFTP >> connections >> >> on >> >> > Port 22. Is there a class/method that can help us achieve the aim? >> >> > >> >> > -Garima Jain. >> >> > >> >> > On Fri, Jun 17, 2016 at 3:27 PM, elijah baley <[email protected]> >> >> wrote: >> >> > >> >> > > Is there some reason your code cannot examine the incoming client >> >> address >> >> > > and reject it if it does not match some specified criteria (e.g., >> mask, >> >> > > network, closed group of IPs - whatever...) ? >> >> > > >> >> > > > From: [email protected] >> >> > > > Date: Fri, 17 Jun 2016 14:50:51 +0530 >> >> > > > Subject: Partial Disabling of port 22 using apache-mina SSHD >> >> > > > To: [email protected] >> >> > > > >> >> > > > Hi, >> >> > > > >> >> > > > >> >> > > > >> >> > > > We are using com.springsource.org.apache.mina-1.0.2.jar in our >> >> product. >> >> > > > The requirement is to disable port 22 for all incoming traffic >> over >> >> SSH >> >> > > but >> >> > > > the same port is required to communicate with few IP’s over 22. >> Is >> >> there >> >> > > a >> >> > > > way to handle selective port blocking? >> >> > > > >> >> > > > >> >> > > > -Garima Jain. >> >> > > >> >> > > >> >> >> >> >> >> -- >> thanks >> ashish >> >> Blog: http://www.ashishpaliwal.com/blog >> My Photo Galleries: http://www.pbase.com/ashishpaliwal >> >
