how to defend against an ssh attack?
Roman Neuhauser
neuhauser at chello.cz
Mon Mar 14 18:57:34 CET 2005
# varga at stonehenge.sk / 2005-03-14 17:08:20 +0100:
> On Mon, 2005-03-14 at 16:33 +0100, Pav Lucistnik wrote:
> > The straightforward option is to put a few entries into /etc/hosts and then
> > use fixed sets of virtual host + port ...
> >
> Good Lord, that is so frighteningly trivial that I am starting to worry
> quite seriously about my intellect. Thanks for the kick, now it's child's play.
>
> Basically it can be done even more universally - on the redirecting gw
> itself, put several incremental subdomains into dns that point back at
> it, and then from all the clients refer to a specific
> ssh[n].gw.tld -p[n] .. in theory, that is; it still has to be verified in
> practice whether the client, out of boredom, throws in a cross-check on the ip,
> but judging by how it stores known_hosts, probably not.
for the purposes of forwarding remote ports I have this:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
inet 127.0.0.2 netmask 0xffffffff
[...]
rdr lo0 127.0.0.2/32 port 22 -> 127.0.0.1 port 10022
[...]
and ssh is as happy as a ladybug.
--
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man. You don't KNOW.
Cause you weren't THERE. http://bash.org/?255991
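
The same separation of host keys per forwarded port can also be expressed in the client configuration alone. This is an added example, not part of the original thread: an ssh_config fragment in which the alias names and the second port are hypothetical, and only port 10022 comes from the message above.

```sshconfig
# ~/.ssh/config
# Each forwarded port gets its own name under which the host key is
# stored and looked up in known_hosts, so two different servers reached
# through the same loopback address never collide on one entry.

# Forwarded port 10022 (from the message above); alias name is hypothetical.
Host fwd-a
    HostName 127.0.0.1
    Port 10022
    # Name used for the known_hosts lookup instead of 127.0.0.1
    HostKeyAlias fwd-a
    # The address is always loopback, so an IP cross-check would say
    # nothing about the server at the far end of the forward.
    CheckHostIP no
    # Refuse to connect if the stored key for this alias changes.
    StrictHostKeyChecking yes

# A second forward; port 10023 and the alias name are hypothetical.
Host fwd-b
    HostName 127.0.0.1
    Port 10023
    HostKeyAlias fwd-b
    CheckHostIP no
    StrictHostKeyChecking yes
```

With `StrictHostKeyChecking yes`, the key for each alias has to be placed in known_hosts beforehand; a changed key on either forward is then reported against that alias only.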