Mailinglist Archive: opensuse-security (408 mails)
Re: [suse-security] Problems with ssh and firewall script
- From: Martin Köhling <mk@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 2 Apr 2002 12:47:17 +0200 (CEST)
- Message-id: <Pine.LNX.4.33.0204021237240.14021-100000@xxxxxxxxxxxxxxxxxx>
Hi!
On Tue, 2 Apr 2002, Ralf Schoenian wrote:
> If I am opening the firewall with the default policies ACCEPT and drop all my
> rules I can connect to my server from outside without any problem. Therefore
> I can guess that I have some problems with the firewall and not the sshd.
>
> ### SSH inbound
> #
> iptables -A INPUT -i $IFACE -p tcp --dport 10022 --sport $UP_PORTS -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --sport 10022 --dport $UP_PORTS -j ACCEPT
Are you sure the connections are coming from an unprivileged port?
IIRC, rhosts authentication requires use of a privileged source
port; try "UsePrivilegedPort no" in ssh_config.
Alternatively, you could allow connects from all ports (I don't
think restricting connects to unprivileged has any security
benefits, anyway).
Martin
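To make Martin's point concrete, here is an added example (constructed for this archive page, not code from the thread): a tiny evaluator for the posted rule lines. It assumes `UP_PORTS="1024:65535"` and a default `INPUT`/`OUTPUT` policy of `DROP`, and shows that a client connecting from a privileged source port such as 1023 (as rhosts-style authentication does) never matches the posted `--sport $UP_PORTS` rule, while the same rule without a source-port match accepts it.

```python
"""Minimal netfilter-style matcher for the iptables lines quoted above."""
import shlex

def port_range(spec):
    """'1024:65535' -> (1024, 65535); '10022' -> (10022, 10022)."""
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)

def parse_rule(line, env):
    """Parse one 'iptables -A CHAIN ...' line, expanding $VARS from env.
    Only -A, -p, --sport, --dport and -j are modelled; -i/-o/-m/--state are
    skipped, so state matching is not simulated (assumption of this example)."""
    toks = [env.get(t[1:], t) if t.startswith("$") else t for t in shlex.split(line)]
    rule = {"chain": None, "proto": None, "sport": None, "dport": None, "target": None}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"] = toks[i + 1]; i += 2
        elif t == "-p":
            rule["proto"] = toks[i + 1]; i += 2
        elif t == "--sport":
            rule["sport"] = port_range(toks[i + 1]); i += 2
        elif t == "--dport":
            rule["dport"] = port_range(toks[i + 1]); i += 2
        elif t == "-j":
            rule["target"] = toks[i + 1]; i += 2
        else:
            i += 1
    return rule

def in_range(port, rng):
    return rng is None or rng[0] <= port <= rng[1]

def verdict(rules, chain, proto, sport, dport, policy="DROP"):
    """First matching rule wins, as in netfilter; otherwise the chain policy."""
    for r in rules:
        if (r["chain"] == chain and r["proto"] in (None, proto)
                and in_range(sport, r["sport"]) and in_range(dport, r["dport"])):
            return r["target"]
    return policy

ENV = {"IFACE": "eth0", "UP_PORTS": "1024:65535"}   # assumed values
POSTED = [parse_rule(l, ENV) for l in (
    "iptables -A INPUT -i $IFACE -p tcp --dport 10022 --sport $UP_PORTS -j ACCEPT",
    "iptables -A OUTPUT -o $IFACE -p tcp --sport 10022 --dport $UP_PORTS -j ACCEPT",
)]
# Martin's alternative: no source-port restriction on the client side.
RELAXED = [parse_rule(l, ENV) for l in (
    "iptables -A INPUT -i $IFACE -p tcp --dport 10022 -j ACCEPT",
    "iptables -A OUTPUT -o $IFACE -p tcp --sport 10022 -j ACCEPT",
)]

if __name__ == "__main__":
    for sport in (1023, 40000):  # 1023: privileged client port, 40000: unprivileged
        print(sport, verdict(POSTED, "INPUT", "tcp", sport, 10022),
              verdict(RELAXED, "INPUT", "tcp", sport, 10022))
```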