Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
Re: [suse-security] ssh shells and ircd on a small lan
  • From: <dog@xxxxxxxxx>
  • Date: Tue, 10 Jul 2001 19:08:31 -0500 (CDT)
  • Message-id: <Pine.LNX.4.31.0107101906410.28187-100000@xxxxxxxxxxxxx>
I would not give anyone an account on a firewall and definitely would not
port forward through IRC. If you have port forwarding running okay,
forward port 22 through the firewall to a local machine and give your
friend an account there. personally, I just dont run any irc servers
myself, prefering to allow someone else to deal with that security
nightmare.

On Tue, 10 Jul 2001, phil wrote:

>Greetings all,
> I been trying to give my friend a shell account
>(ssh) And I have ran into some confusion.
>
>The firewall box has ssh already on it, but it also has portforwarding. So
>I am confused as to where I should give my friend a shell at.
>
>I also talk irc with my friend on a ircd which is located on 192.168.0.2 ,
> but I wondering if this is safe to let ircd be port forwarded through
>firewall box
>
> |----------------------------------
> | modem (dialup)-- firewall box
> | |
> | redhat eth0
> |----------------------------------
> |
> |------------ |----------------
> | hub | -- | (eth0) 192.168.0.1 (just a client mandrake)
> |------------
> \ |----------------
> | (eth0) 192.168.0.2 (irc, shell accounts suse 7.2)
>
>
> at the moment the only way I know to get through the external network is
>to ssh to the firewall box as root, then ssh again into 192.168.0.2 box.
>
>I don't want my friend to know the root password on the firewall.
>I trust the guy, but he isn't very adept at linux and he might screw
>something up by accident. I want to avoid the accident. I also want
>to limit him to say 10MB and 10 process's (the cpu goes to 100% now with
>no limits on the account)
>
>If I shut ssh off the firewall how can I turn on ssh through it to the
>shell accounts. Or is this the wrong way to do this? I am thinking the
>shell might be better off located on the firewall.
>
>Should ircd be relocated to the firewall instead of where it is
>now (192.168.0.2)
>
>and finally... a bloob, I accidentally deleted my ircd startup from the
>inetd.conf I tried YaST and manually editing it but the only way to
>start irc is manually now. Can someone show the line or lines in the
>inetd.conf that have the irc/ircd start up from inetd.conf There is
>not anything in the manual about this.
>
>it used to start when I boot, but no more...;o(
>
>--
>To unsubscribe, e-mail: suse-security-unsubscribe@xxxxxxxx
>For additional commands, e-mail: suse-security-help@xxxxxxxx
>

Chad Whitten
Network/Systems Administrator
Nexband Communications
chadwick@xxxxxxxxxxx


< Previous Next >
Follow Ups
References