Hi AJ That's like you sad. To access trough SSH from RED you must to create a rule on System Access Menu.
About the subject, I modified the SSH configuration to other port. I know that is not the solution, and Peter was right, the best solution is to permit the connections only from certain ip address. But I can't do that because I need to connect to EFW from different places tha has Dynamic IP. Changing the ssh port reduce the impact. Best Regards. CC P.S.: Sorry if my english is not very good. AJ Weber wrote: > Just to clarify, since this is pretty sensitive and I want to make > sure I read the docs and the actual fw config right...SSH is only > available to GREEN unless you take some additional steps to explicitly > allow it from RED, right? > > -AJ > > ----- Original Message ----- > *From:* Peter Warasin <mailto:[EMAIL PROTECTED]> > *To:* [email protected] > <mailto:[email protected]> > *Sent:* Friday, January 18, 2008 11:37 AM > *Subject:* Re: [Efw-user] SSh Attack > > Carlos Leal wrote: > > The use of port 22 in place of a less well known port makes it > more > > vulnerable to automated attacks. This is why IPCop , which was the > > inspiration for this product uses port 222 for ssh. > > To be honest, that's security by obscurity, therefore we removed that. > It makes more sense to use the standard ports and to block the access > completely for the unauthorized. > > Simply open the port within system access only for your ip addresses, > disable ssh and enable it only when you need, or connect through vpn. > > peter > > -- > :: e n d i a n > :: open source - open minds > > :: peter warasin > :: http://www.endian.com :: [EMAIL PROTECTED] > <mailto:[EMAIL PROTECTED]> > > ------------------------------------------------------------------------ > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > > ------------------------------------------------------------------------ > _______________________________________________ > Efw-user mailing list > [email protected] <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/efw-user > > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > ------------------------------------------------------------------------ > > _______________________________________________ > Efw-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/efw-user > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Efw-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/efw-user
