How to defend against SSH attacks?

Roman Neuhauser neuhauser at chello.cz
Mon Mar 14 18:57:34 CET 2005


# varga at stonehenge.sk / 2005-03-14 17:08:20 +0100:
> On Mon, 2005-03-14 at 16:33 +0100, Pav Lucistnik wrote:
> > The first thing that suggests itself is to put a few entries into
> > /etc/hosts and then use fixed virtual host + port pairs ...
> > 
> Good God, that is so frighteningly trivial that I'm starting to worry
> quite seriously about my intellect. Thanks for the kick, now it's child's play.
> 
> Basically it can be done even more universally - on the redirecting gw
> itself, put several incrementally numbered subdomains pointing at itself
> into DNS and then refer from all the clients to a specific
> ssh[n].gw.tld -p[n] .. that is, in theory; it still has to be verified in
> practice whether the client throws in a cross-check on the IP out of
> boredom, but judging by how it stores known_hosts, hopefully not.

    for the purposes of forwarding remote ports I have this:

    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000 
        inet 127.0.0.2 netmask 0xffffffff 
        [...]

    rdr lo0 127.0.0.2/32 port 22 -> 127.0.0.1 port 10022
    [...]

    and ssh is happy as a clam.

-- 
How many Vietnam vets does it take to screw in a light bulb?
You don't know, man.  You don't KNOW.
Cause you weren't THERE.             http://bash.org/?255991
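
The per-target naming discussed in this thread can also be done on the client alone. The following ssh_config fragment is an added example, not part of the original mail: it uses the OpenSSH client options HostKeyAlias and CheckHostIP instead of DNS or /etc/hosts entries. gw.tld and the ssh[n] names follow the thread's placeholders; the port numbers are constructed.

```sshconfig
# Added example (constructed values): one gateway, gw.tld, forwards two
# ports to two different sshd instances, each with its own host key.
# Without separate names, both keys would be filed under the gateway's
# name in known_hosts and the second connection would look like a
# changed host key.

Host ssh1.gw.tld
    # Where the connection really goes.
    HostName gw.tld
    Port 2201
    # Name under which this target's key is looked up and stored.
    HostKeyAlias ssh1.gw.tld
    # All aliases share the gateway's address, so an additional
    # per-IP key lookup would mix their keys together again.
    CheckHostIP no

Host ssh2.gw.tld
    HostName gw.tld
    Port 2202
    HostKeyAlias ssh2.gw.tld
    CheckHostIP no

# StrictHostKeyChecking is deliberately not touched: each alias keeps
# its own pinned key, and a key change behind one forwarded port is
# still reported for that alias only.
```

With this in ~/.ssh/config, `ssh ssh1.gw.tld` and `ssh ssh2.gw.tld` each get their own known_hosts entry without any name-resolution changes.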


