[opensuse] SuSE Firewall: why is ssh on for external?
I just ignored the SuSE firewall as it worked in the past. There was nothing allowed for external connections. Recently I was looking at the settings in yast2 and realized that ssh ports were allowed for external connections. Since when is this setting included for 13.1? Best regards -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Peter Maffter wrote:
I just ignored the SuSE firewall as it worked in the past. There was nothing allowed for external connections.
Recently I was looking at the settings in yast2 and realized that ssh ports were allowed for external connections. Since when is this setting included for 13.1?
There is a default set when you install - you install via ssh+network, default is for ssh to be left open. -- Per Jessen, Zürich (21.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-05-11 12:06, Peter Maffter wrote:
I just ignored the SuSE firewall as it worked in the past. There was nothing allowed for external connections.
Recently I was looking at the settings in yast2 and realized that ssh ports were allowed for external connections. Since when is this setting included for 13.1?
You are asked during install, to activate ssh or not. The previous default was to have ssh enabled always, no questions. I don't remember on what release this changed. - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlVQxPIACgkQja8UbcUWM1ykjQD7BakBMLkXkdc+8lCRmTBd7U6j PER+Dh7+VKpOE0JmmDIBAIq+Wv0RLJBSVSPlM9FX7jAepXHAShsJUs0y38yGbgIK =rgtD -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 11/05/2015 17:04, Carlos E. R. a écrit :
You are asked during install, to activate ssh or not.
not really. There is only an option in the summary, not obvious if you don't know. The default is no for many time now
The previous default was to have ssh enabled always, no questions.
many years ago :-) jdd -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 2015-05-12 07:46, jdd wrote:
Le 11/05/2015 17:04, Carlos E. R. a écrit :
You are asked during install, to activate ssh or not.
not really. There is only an option in the summary, not obvious if you don't know. The default is no for many time now
I always read the summaries. It is quite obvious to me. It is where I adjust how it boots, what packages to instal, default runlevel... everything.
The previous default was to have ssh enabled always, no questions.
many years ago :-)
Not that many. Less than a decade :-) - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" (Minas Tirith)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iF4EAREIAAYFAlVSBYMACgkQja8UbcUWM1xG3QD+NEf5PnRXWVUDDCUna6VhVZh4 I46dhzFPaWLfWq+YQdwA/17fE4+hGSQ5UxYMXBw4T6RpVS+piu9apNegNq7Xy3/x =SvX+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 05/11/2015 03:06 AM, Peter Maffter wrote:
I just ignored the SuSE firewall as it worked in the past. There was nothing allowed for external connections.
Recently I was looking at the settings in yast2 and realized that ssh ports were allowed for external connections. Since when is this setting included for 13.1?
Best regards
Are you talking about the ssh allowed for externals in SSH config or did you mean that the firewall had ssh open? Even if sshd_config allows access from externals, it can be blocked by the firewall. You are asked to confirm this choice when configuring ssh. Kind of silly to enable ssh and then deny external access via the firewall, unless you are using the machine as a router. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (5)
-
Carlos E. R. -
jdd -
John Andersen -
Per Jessen -
Peter Maffter