Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #36420
| From | Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> |
|---|---|
| Newsgroups | comp.os.linux.misc |
| Subject | Re: Guaranteeing SSH access to specific clients |
| Date | 2022-12-09 06:43 +0000 |
| Organization | aeon: think longer than you thought before |
| Message-ID | <tmuleg$kfj$1@sirius.aeon.icebear.cloud> (permalink) |
| References | <tmtf02$1ufi$1@gioia.aioe.org> <op.1wvne71ia3w0dxdave@hodgins.homeip.net> <tmu2hq$18b6$1@gioia.aioe.org> |
Harold Johanssen <noemail@please.net> wrote:
Hello Harold,
> [...]
> This would be networking-related question: in a nutshell, if the
> TCP connection on port 22 is coming from me then it is forwarded to the
> ssh daemon; otherwise, it is dropped immediately. The problem is, how
> would the TCP code in my server know that the connection is coming me
> from me, as opposed to anybody else?
strange thinking: Don't communicate ("before the SSH protocol is
started") but recognise me from whichever IP address I might come...
For the case that you still didn't get over to us what you really want
to accomplish you might look into the "tcp wrapper" which is still
linked into the ssh daemon.
But from what I understand about your concern I would recommend a port
knocking mechanism. Hint: Don't use "knockd" for diverse reasons as long
as the system(s) in question already has netfilter tables since this
firewall code is able to implement port knocking totally and very
flexible as a ruleset system.
Best regards,
Henning
--
Honesty is for the most part less profitable than dishonesty.
-- Plato
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-08 19:47 +0000
Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 16:31 -0500
Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 01:20 +0000
Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 21:43 -0500
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
Re: Guaranteeing SSH access to specific clients stepore <stepore@be.here.now> - 2022-12-08 19:34 -0800
Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-09 04:42 +0100
Re: Guaranteeing SSH access to specific clients "26C.Z969" <26C.Z969@noaada.net> - 2022-12-09 01:53 -0500
Re: Guaranteeing SSH access to specific clients Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> - 2022-12-09 06:43 +0000
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:29 +0000
Re: Guaranteeing SSH access to specific clients Allodoxaphobia <trepidation@example.net> - 2022-12-09 13:55 +0000
Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-09 14:08 +0000
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-09 12:44 -0500
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:52 +0000
Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-08 22:31 -0500
Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-09 12:36 +0000
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:27 +0000
Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 14:48 +0000
Re: Guaranteeing SSH access to specific clients Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2022-12-09 17:42 +0200
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:36 +0000
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 19:35 +0000
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:53 +0000
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-10 13:58 +0000
Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:08 +0000
Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:15 +0000
Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-10 19:25 -0500
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 00:53 +0000
Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 10:37 +0100
Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 12:50 +0000
Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 20:55 +0100
Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-12 09:35 +0000
Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-13 08:36 +0000
Re: Guaranteeing SSH access to specific clients "Carlos E. R." <robin_listas@es.invalid> - 2022-12-15 18:09 +0100
Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 22:03 +0000
Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:56 +0000
Re: Guaranteeing SSH access to specific clients Ted Heise <theise@panix.com> - 2022-12-16 18:40 +0000
csiph-web