marianciuc wrote:
> Hi,
>
> For various reasons, I want to be able to connect to my workstation (RH-9) with ssh.
> I can do it from the workstation itself, but from outside it says "Connection refused".
> redhat-config-securitylevel is set to "medium", and the iptables rules on
> my workstation are:
> ######################################################################
> Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> # firewall; such entries will *not* be listed here.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A FORWARD -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT

This rule blocks the establishment of new connections on ports below 1024, which includes 22, where sshd runs by default.

> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> COMMIT
> #############################################################################
>
> What do I have to do to get access?

Add (with lokkit ...) a rule that allows access to your address on the outward-facing interface, on port 22, from the address you want to connect from, as well as the packets from port 22 to that address.

It is not a very good idea to also allow connections from addresses other than the ones you need.

PS: You upgraded ssh 2 days ago, didn't you?

--
"Normal people ... believe that if it ain't broke, don't fix it. Engineers believe that if it ain't broke, it doesn't have enough features yet."
--- Scott Adams, The Dilbert Principle

---
Details about our mailing lists: http://www.lug.ro/
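The rule ordering discussed in the reply above, as an added example that is not part of the original message: a small first-match evaluator run over the quoted RH-Lokkit-0-50-INPUT chain, showing why a new connection to port 22 is rejected and how a source-restricted allow rule changes the result. The addresses 192.0.2.10 and 198.51.100.7, the interface name eth0 and all function names are assumptions made for the example; only the match options that appear in the quoted file are modelled.

```python
import ipaddress
import shlex
# Rules of the RH-Lokkit-0-50-INPUT chain, copied in order from the quoted file.
LOKKIT_RULES = """\
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
"""
# Constructed (assumptions): allow rule for one client address, and a new SSH connection from it.
ALLOW_SSH = "-A RH-Lokkit-0-50-INPUT -s 192.0.2.10 -p tcp -m tcp --dport 22 --syn -j ACCEPT"
SSH_SYN = {"iface": "eth0", "src": "192.0.2.10", "proto": "tcp", "dport": 22, "syn": True}
OPTS = {"-i": "iface", "-s": "src", "-p": "proto", "--dport": "dport", "-j": "target"}

def parse(line):
    """Turn one -A line into a dict of the match options used in this file."""
    tok = shlex.split(line)
    rule = {key: tok[tok.index(opt) + 1] for opt, key in OPTS.items() if opt in tok}
    rule["syn"] = "--syn" in tok
    return rule

def matches(rule, pkt):
    """True when every condition present in the rule holds for the packet."""
    if any(rule.get(k, pkt[k]) != pkt[k] for k in ("iface", "proto")):
        return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    if "dport" in rule:
        low, _, high = rule["dport"].partition(":")
        if not int(low) <= pkt["dport"] <= int(high or low):
            return False
    return pkt["syn"] or not rule["syn"]

def verdict(rules_text, pkt):
    """First matching rule decides; otherwise the INPUT policy (ACCEPT) applies."""
    for rule in map(parse, rules_text.splitlines()):
        if matches(rule, pkt):
            return rule["target"]
    return "ACCEPT"

def allow_before_reject(rules_text, allow_rule):
    """Place the allow rule ahead of the first REJECT so it is evaluated first."""
    lines = rules_text.splitlines()
    first_reject = next(i for i, l in enumerate(lines) if l.endswith("-j REJECT"))
    return "\n".join(lines[:first_reject] + [allow_rule] + lines[first_reject:]) + "\n"
```

Appending the allow rule after the REJECT lines leaves the verdict at REJECT, because the first matching rule wins; it has to sit ahead of the `--dport 0:1023` rule.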
