Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] ssh shells and ircd on a small lan

i don't think that is a good idea to give someone access to your firewall
box if you have configure your firewall and routing table correct you don't
have to give a user account to your firewall its so simple don't make this
to yourself


Kontogiannopoulos Dimitris
jim@xxxxxxxxxxx
Junior Net Admin

----- Original Message -----
From: "phil" <phil@xxxxxxxxxxx>
To: <suse-security@xxxxxxxx>
Sent: Wednesday, July 11, 2001 12:12 AM
Subject: [suse-security] ssh shells and ircd on a small lan


> Greetings all,
> I been trying to give my friend a shell account
> (ssh) And I have ran into some confusion.
>
> The firewall box has ssh already on it, but it also has portforwarding. So
> I am confused as to where I should give my friend a shell at.
>
> I also talk irc with my friend on a ircd which is located on 192.168.0.2 ,
> but I wondering if this is safe to let ircd be port forwarded through
> firewall box
>
> |----------------------------------
> | modem (dialup)-- firewall box
> | |
> | redhat eth0
> |----------------------------------
> |
> |------------ |----------------
> | hub | -- | (eth0) 192.168.0.1 (just a client mandrake)
> |------------
> \ |----------------
> | (eth0) 192.168.0.2 (irc, shell accounts suse 7.2)
>
>
> at the moment the only way I know to get through the external network is
> to ssh to the firewall box as root, then ssh again into 192.168.0.2 box.
>
> I don't want my friend to know the root password on the firewall.
> I trust the guy, but he isn't very adept at linux and he might screw
> something up by accident. I want to avoid the accident. I also want
> to limit him to say 10MB and 10 process's (the cpu goes to 100% now with
> no limits on the account)
>
> If I shut ssh off the firewall how can I turn on ssh through it to the
> shell accounts. Or is this the wrong way to do this? I am thinking the
> shell might be better off located on the firewall.
>
> Should ircd be relocated to the firewall instead of where it is
> now (192.168.0.2)
>
> and finally... a bloob, I accidentally deleted my ircd startup from the
> inetd.conf I tried YaST and manually editing it but the only way to
> start irc is manually now. Can someone show the line or lines in the
> inetd.conf that have the irc/ircd start up from inetd.conf There is
> not anything in the manual about this.
>
> it used to start when I boot, but no more...;o(
>
> --
> To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
> For additional commands, e-mail: suse-security-help@xxxxxxxx


< Previous Next >