[Gllug] Limiting SSH access

David Pashley david at parguild.co.uk
Thu Apr 3 08:53:58 UTC 2003


On Apr 03, 2003 at 09:26, John Hearns praised the llamas by saying:
> On Thu, 2003-04-03 at 08:31, French, Alastair wrote:
> > Hi all
> > 
> > We have a Linux box inside our LAN (the rest is running NT/2K) with ssh
> > enabled for external access. Is there a way that we can restrict anyone
> > ssh'ing to that machine so that they cannot gain access to any other part of
> > the network?
> > 
> 
> What utilities does the person who comes in via ssh need?
> Maybe you could set up a chrooted environment, with only the bare
> minimum set of binaries available.
> 
> I guess though that the answer from GLLUG will be:
> "All well and good - but a smart person can do xxxyyy to break out of a
> chroot jail"
> 
> I suppose it is a balance of probabilities - if it is important enough
> for you to let in (say) a customer or engineer via ssh, you might judge 
> a small risk to be acceptable.
> 
User Mode Linux may be more secure. Certainly more fun. :)

-- 
David Pashley
david at davidpashley.com
Nihil curo de ista tua stulta superstitione.