On 11/21/05, Gerard Beekmans <[EMAIL PROTECTED]> wrote:
> Hey guys,
>
> <snip sshd attack description>
>
> The only maybe way around this is to create a web app where I can input IP
> addresses that can SSH and some cronjob to check for changes and update
> the firewall accordingly.
>
> Does anybody have other ideas? I'd like to keep ssh open for convenience
> reasons. It'd really suck if I block the world, am out of town, get an
> emergency call for work, and "oops I can't login until I'm home again
> which will be in a few days. Sorry boss, you'll just have to live with
> the downed service until then." That's not going to go over very well.

An option to consider is "port knocking": set up some rules in iptables to do
some logic along the lines of

    if input = port 66  -j log port1 66
    if input = port 99  -j log port2 99
    if input = port 33  -j log port3 33

then some log-watching magic to look for a port3 within a set time of port2,
which was within a set time of port1. If that logic matches, fire up sshd on a
port known only to you, and have it shut down if idle for more than x seconds.

Effectively you're creating a secret "knock", which when sensed will open your
sshd on a special port for you for a limited time. That way you can lock down
22 to those fixed addresses you need, and have port knocking for when you're
remote.

Refer to this site amongst others: http://www.portknocking.org/

-- 
- Steve Crosby

-- 
http://linuxfromscratch.org/mailman/listinfo/lfs-security
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
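The "log-watching magic" half of the scheme Steve sketches above, written out as an added example; it is not code from the post, from Gerard, or from the LFS project. It assumes three iptables rules that LOG hits on ports 66, 99 and 33 with the prefixes KNOCK1, KNOCK2 and KNOCK3 (the rules are quoted in the module docstring), a 10-second maximum gap between knocks, a hidden sshd port of 2222, and a syslog year of 2005; all of those are assumptions, and the sample log lines are constructed, not captured. The script parses netfilter LOG lines, tracks each source address's progress through the sequence, resets it on a wrong port or a pause longer than the window, and reports which addresses completed the knock.

```python
"""Port-knock detector over iptables LOG output.

Added example, not code from the post. Assumed firewall rules, each knock
port logged with its own prefix (everything else is dropped as usual):

    iptables -A INPUT -p tcp --dport 66 -j LOG --log-prefix "KNOCK1 "
    iptables -A INPUT -p tcp --dport 99 -j LOG --log-prefix "KNOCK2 "
    iptables -A INPUT -p tcp --dport 33 -j LOG --log-prefix "KNOCK3 "
"""
import re
from datetime import datetime

KNOCK_SEQUENCE = (66, 99, 33)   # the knock ports from the post, in order
WINDOW_SECONDS = 10             # assumed max gap between consecutive knocks
SSH_KNOCK_PORT = 2222           # assumed "known only to you" sshd port

# Pulls the fields we need out of a netfilter LOG line.  Only lines carrying a
# KNOCKn prefix match, so ordinary (non-knock) traffic never touches the state.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: KNOCK\d .*?"
    r"SRC=(?P<src>[0-9.]+) .*?PROTO=TCP .*?DPT=(?P<dport>\d+)"
)


def parse_line(line, year=2005):
    """Return (timestamp, src_ip, dst_port) for a knock log line, else None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    # Classic syslog timestamps carry no year; the caller supplies it.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], int(m["dport"])


def find_knockers(lines, sequence=KNOCK_SEQUENCE, window=WINDOW_SECONDS, year=2005):
    """Return {src_ip: time_of_final_knock} for every source that hit the
    sequence ports in order, each knock within `window` seconds of the last.

    A wrong port or an over-long pause discards that source's progress;
    hitting the first knock port again starts a fresh attempt.
    """
    progress = {}    # src -> (index of next expected port, time of last knock)
    completed = {}
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, src, dport = parsed
        idx, last = progress.get(src, (0, None))
        if last is not None and (ts - last).total_seconds() > window:
            idx = 0                      # too slow: start over
        if dport == sequence[idx]:
            idx += 1
        elif dport == sequence[0]:
            idx = 1                      # restart from the first knock
        else:
            progress.pop(src, None)      # out of order: forget this source
            continue
        if idx == len(sequence):
            completed[src] = ts          # full knock seen; open the door
            progress.pop(src, None)
        else:
            progress[src] = (idx, ts)
    return completed


def accept_rule(src, port=SSH_KNOCK_PORT):
    """iptables command (assumed shape) that lets the knocker reach the hidden
    sshd port.  A real watcher would run it, then remove it again (-D) once
    the session has been idle for the configured time."""
    return f"iptables -I INPUT -s {src} -p tcp --dport {port} -j ACCEPT"


# Constructed sample log, not captured from a real host.
# 203.0.113.7  knocks correctly.
# 198.51.100.9 pauses 23 s between knocks (fails), then retries correctly.
# 192.0.2.44   knocks out of order (fails); its DROP line is not a knock at all.
SAMPLE_LOG = """\
Nov 21 10:00:01 lfs kernel: KNOCK1 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=66 SYN
Nov 21 10:00:03 lfs kernel: KNOCK2 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=99 SYN
Nov 21 10:00:05 lfs kernel: KNOCK3 IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=33 SYN
Nov 21 10:00:07 lfs kernel: KNOCK1 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50001 DPT=66 SYN
Nov 21 10:00:30 lfs kernel: KNOCK2 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50002 DPT=99 SYN
Nov 21 10:00:31 lfs kernel: KNOCK3 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50003 DPT=33 SYN
Nov 21 10:01:00 lfs kernel: KNOCK1 IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TTL=48 PROTO=TCP SPT=60001 DPT=66 SYN
Nov 21 10:01:01 lfs kernel: KNOCK3 IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TTL=48 PROTO=TCP SPT=60002 DPT=33 SYN
Nov 21 10:01:02 lfs kernel: KNOCK2 IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TTL=48 PROTO=TCP SPT=60003 DPT=99 SYN
Nov 21 10:01:30 lfs kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.2 LEN=60 TTL=48 PROTO=TCP SPT=60004 DPT=22 SYN
Nov 21 10:02:00 lfs kernel: KNOCK1 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50004 DPT=66 SYN
Nov 21 10:02:01 lfs kernel: KNOCK2 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50005 DPT=99 SYN
Nov 21 10:02:02 lfs kernel: KNOCK3 IN=eth0 OUT= SRC=198.51.100.9 DST=198.51.100.2 LEN=60 TTL=60 PROTO=TCP SPT=50006 DPT=33 SYN
"""

if __name__ == "__main__":
    for src, when in find_knockers(SAMPLE_LOG.splitlines()).items():
        print(f"{when}  knock completed by {src}")
        print("    " + accept_rule(src))
```

Run stand-alone it reports the two addresses that completed the knock and the accept rule a watcher would install for each; a real watcher would tail the kernel log instead of a string, run the rule, and schedule its removal. Two properties of the state machine are worth noting: only KNOCK-prefixed lines feed it, so the bulk of the dropped traffic the original poster is seeing never costs anything, and the non-monotonic order 66, 99, 33 means a scanner sweeping ports in ascending order cannot complete it by accident. The usual caveat about simple port knocking still applies: the sequence travels in the clear, so anyone who can observe your knocks can replay them.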
