Oops, you're right, nice catch...

David Van Assche
www.nubae.com

On Thu, Oct 16, 2008 at 6:54 PM, Kenneth Tanzer <[EMAIL PROTECTED]> wrote:
> Glad to hear it. The documentation, however, seems to be written the
> other way:
>
>> The solution is to create 2 instances ssh, one serving the internal ip on
>> port 22 and one serving the wan interface on port 2222.
>
>
> David Van Assche wrote:
>> If you read the script, that's what it's doing, it makes a copy of
>> itself to ltsp-ssh and then ltsp-ssh switches to using port 2222.
>>
>> David Van Assche
>> www.nubae.com
>>
>> On Wed, Oct 15, 2008 at 7:23 PM, Kenneth Tanzer <[EMAIL PROTECTED]> wrote:
>>
>>> Wouldn't it be better to have the sshd serving the LTSP connections run
>>> on the nonstandard port, and have the wan-facing one run on port 22?
>>>
>>> Just curious. Thanks.
>>>
>>> David Van Assche wrote:
>>>
>>>> I'm putting this into documentation:-
>>>>
>>>> Hardening server by adding 2 ssh sessions
>>>>
>>>> The way LTSP works right now, makes the ssh handling vulnerable
>>>> to the outside world if you don't block access to port 22 from
>>>> the wan interface entirely. The solution is to create 2 instances
>>>> ssh, one serving the internal ip on port 22 and one serving the
>>>> wan interface on port 2222. If you only have one interface,
>>>> then both ssh sessions would serve the same interface, but one
>>>> would serve port 22, and the other 2222. This is how to set this
>>>> up:
>>>>
>>>>     sudo cp /etc/init.d/ssh /etc/init.d/ltsp-ssh
>>>>     sudo cp /etc/default/ssh /etc/default/ltsp-ssh
>>>>     sudo cp /etc/ssh/sshd_config /etc/ltsp/ltsp-sshd_config
>>>>     sudo cp -r /var/run/sshd /var/run/ltsp-ssh
>>>>     sudo sed -i -e 's/Port 22/Port 2222/' /etc/ltsp/ltsp-sshd_config
>>>>
>>>> If you are using 2 interfaces also do:
>>>>
>>>>     sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 192.168.0.1/' /etc/ltsp/ltsp-sshd_config
>>>>     sudo sed -i -e 's/#ListenAddress 0.0.0.0/ListenAddress 10.0.0.42/' /etc/ssh/sshd_config
>>>>
>>>> Change 10.0.0.42 with the address of your wan facing interface.
>>>> You will also need to change the .pid of the new ssh
>>>> instance:
>>>>
>>>>     echo "PidFile /var/run/ltsp-sshd.pid" | sudo tee -a /etc/ltsp/ltsp-sshd_config
>>>>     sudo sed -i -e 's|SSHD_OPTS=|SSHD_OPTS="-f /etc/ltsp/ltsp-sshd_config"|' /etc/default/ltsp-ssh
>>>>     sudo sed -i -e 's|AllowUsers|AllowUsers [EMAIL PROTECTED]/24|' /etc/ltsp/ltsp-sshd_config
>>>>
>>>> This look about right?
>>>>
>>>> On Wed, Oct 15, 2008 at 3:56 PM, Gavin McCullagh <[EMAIL PROTECTED]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> On Wed, 15 Oct 2008, Oliver Grawert wrote:
>>>>>
>>>>>>> https://blueprints.launchpad.net/ltsp/+spec/dedicated-ltsp-sshd
>>>>>>>
>>>>>>> As it's low priority, it hasn't really happened though.
>>>>>>>
>>>>>> note that SSH_OVERRIDE_PORT in lts.conf is supported since a while
>>>>>> (pre-hardy even I think) so all that's left is a way to set up the server
>>>>>> side more easily
>>>>>>
>>>>> Great. I hadn't realised that. If anyone's interested in getting the
>>>>> server side done, it's relatively straightforward, I had it working for a
>>>>> while. I'm happy to lend a hand or help write the config files. I did it
>>>>> on ubuntu before (the blueprint instructions are derived from what I did)
>>>>> but I amn't certain how easily one could do it for all platforms.
>>>>>
>>>>> The ltsp I work on is now not exposed to the net in the same way so it's
>>>>> not such an issue to me, but I still think it would be a good step for
>>>>> ltsp.
>>>>>
>>>>> Gavin
>>>>>
>>>>> -------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>> _____________________________________________________________________
>>>>> Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
>>>>> https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
>>>>> For additional LTSP help, try #ltsp channel on irc.freenode.net
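
A consistency check for the two-instance layout discussed in this thread, as an added example that is not part of the original messages or of LTSP itself. It follows what the posted commands do (ltsp-ssh on port 2222 bound to the internal address, the stock sshd on port 22 bound to the WAN address) and verifies that the two daemons cannot collide and that the client-side SSH_OVERRIDE_PORT matches. The function names, the `KEY = value` form of lts.conf and the sample files are assumptions made for the example, and the wildcard check assumes the two-interface case.

```shell
#!/bin/sh
# Added example (not LTSP project code): consistency check for the two-sshd split.

# First uncommented value of an sshd_config keyword, or DEFAULT if it is unset.
# Assumes a single Port and a single ListenAddress line per file.
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT
    awk -v k="$2" -v d="$3" 'tolower($1) == tolower(k) { print $2; f = 1; exit }
        END { if (!f) print d }' "$1"
}

# SSH_OVERRIDE_PORT from lts.conf; falls back to 22 when it is not set.
lts_port() {  # usage: lts_port LTS_CONF
    p=$(sed -n 's/^[[:space:]]*SSH_OVERRIDE_PORT[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1)
    echo "${p:-22}"
}

# Prints one line per problem and returns the number of problems found.
check_split() {  # usage: check_split LTSP_SSHD_CONFIG WAN_SSHD_CONFIG LTS_CONF
    n=0
    lp=$(sshd_value "$1" Port 22); wp=$(sshd_value "$2" Port 22)
    la=$(sshd_value "$1" ListenAddress 0.0.0.0)
    wa=$(sshd_value "$2" ListenAddress 0.0.0.0)
    lpid=$(sshd_value "$1" PidFile /var/run/sshd.pid)
    wpid=$(sshd_value "$2" PidFile /var/run/sshd.pid)
    if [ "$lp" = "$wp" ] && { [ "$la" = "$wa" ] || [ "$la" = 0.0.0.0 ] || [ "$wa" = 0.0.0.0 ]; }; then
        echo "bind clash: both instances want port $lp"; n=$((n + 1))
    fi
    [ "$la" != 0.0.0.0 ] || { echo "LTSP sshd listens on every interface"; n=$((n + 1)); }
    [ "$lpid" != "$wpid" ] || { echo "both instances share PidFile $lpid"; n=$((n + 1)); }
    [ "$(lts_port "$3")" = "$lp" ] || { echo "lts.conf port does not match LTSP sshd port $lp"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the three files as the commands in the thread would leave them.
make_sample() {  # usage: make_sample DIR
    printf 'Port 2222\nListenAddress 192.168.0.1\nPidFile /var/run/ltsp-sshd.pid\n' > "$1/ltsp-sshd_config"
    printf 'Port 22\nListenAddress 10.0.0.42\n' > "$1/sshd_config"
    printf '[default]\nSSH_OVERRIDE_PORT = 2222\n' > "$1/lts.conf"
}

d=$(mktemp -d) && make_sample "$d"
check_split "$d/ltsp-sshd_config" "$d/sshd_config" "$d/lts.conf" && echo "split-sshd layout is consistent"
rm -rf "$d"
```

On a real server, point `check_split` at /etc/ltsp/ltsp-sshd_config, /etc/ssh/sshd_config and the lts.conf your clients read.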
