Nie jesteś zalogowany.
Jeśli nie posiadasz konta, zarejestruj je już teraz! Pozwoli Ci ono w pełni korzystać z naszego serwisu. Spamerom dziękujemy!
Ogłoszenie
Prosimy o pomoc dla małej Julki — przekaż 1% podatku na Fundacji Dzieciom zdazyć z Pomocą.
Więcej informacji na dug.net.pl/pomagamy/.
#1 2011-08-18 14:16:31
zyga - 
Użytkownik
- zyga
- Użytkownik
- Zarejestrowany: 2005-08-25
ssh - zabezpieczenie WAN
Mam pytanie
Czy da się tak zrobić żeby serwer ssh nasłuchiwał tylko na jednej sieciówce?
Bez jakiś regułek firewallu, poprostu chce żeby ssh działał tylko w sieci lokalnej, a nie na wanie
z góry dziękuje za pomoc
apt-get remove windows ....
apt-get install debian :)
Offline
#2 2011-08-18 14:43:25
divinity - Użytkownik
- divinity
- Użytkownik
- Skąd: Warszawa
- Zarejestrowany: 2007-04-14
Re: ssh - zabezpieczenie WAN
Wydaje mi się, że nie da się ustawić nasłuchiwania na konkretnym interfejsie sieciowym.
Da się napewno nasłuchiwać na określownym adresie.
Zmienna ListenAddress w /etc/ssh/sshd_config
Kod:
ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port np: ListenAddress 192.168.1.1:22 lub ListenAddress 192.168.1.1
Offline
#3 2011-08-18 14:57:31
kamikaze - Administrator
- kamikaze
- Administrator
- Zarejestrowany: 2004-04-16
Re: ssh - zabezpieczenie WAN
Z mana iptables:
[!] -i, --in-interface name
Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any
interface which begins with this name will match. If this option is omitted, any interface name will match.
[!] -o, --out-interface name
Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then
any interface which begins with this name will match. If this option is omitted, any interface name will match.[/quote]
Offline
#4 2011-08-18 14:59:28
zyga - Użytkownik
- zyga
- Użytkownik
- Zarejestrowany: 2005-08-25
Re: ssh - zabezpieczenie WAN
[quote=divinity]Wydaje mi się, że nie da się ustawić nasłuchiwania na konkretnym interfejsie sieciowym.
Da się napewno nasłuchiwać na określownym adresie.
Zmienna ListenAddress w /etc/ssh/sshd_config
Kod:
ListenAddress host|IPv4_addr|IPv6_addr ListenAddress host|IPv4_addr:port ListenAddress [host|IPv6_addr]:port np: ListenAddress 192.168.1.1:22 lub ListenAddress 192.168.1.1
[/quote]
super to to mi wystarcza, dziękuje bardzo :D
[quote=kamikaze]Z mana iptables:
[!] -i, --in-interface name
Name of an interface via which a packet was received (only for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any
interface which begins with this name will match. If this option is omitted, any interface name will match.
[!] -o, --out-interface name
Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then
any interface which begins with this name will match. If this option is omitted, any interface name will match.[/quote]
[/quote]
dzieki
apt-get remove windows ....
apt-get install debian :)
Offline
Informacje debugowania
| Time (s) | Query |
|---|---|
| 0.00013 | SET CHARSET latin2 |
| 0.00009 | SET NAMES latin2 |
| 0.00152 | SELECT u.*, g.*, o.logged FROM punbb_users AS u INNER JOIN punbb_groups AS g ON u.group_id=g.g_id LEFT JOIN punbb_online AS o ON o.ident='3.129.70.157' WHERE u.id=1 |
| 0.00090 | REPLACE INTO punbb_online (user_id, ident, logged) VALUES(1, '3.129.70.157', 1714196653) |
| 0.00058 | SELECT * FROM punbb_online WHERE logged<1714196353 |
| 0.00054 | SELECT t.subject, t.closed, t.num_replies, t.sticky, f.id AS forum_id, f.forum_name, f.moderators, fp.post_replies, 0 FROM punbb_topics AS t INNER JOIN punbb_forums AS f ON f.id=t.forum_id LEFT JOIN punbb_forum_perms AS fp ON (fp.forum_id=f.id AND fp.group_id=3) WHERE (fp.read_forum IS NULL OR fp.read_forum=1) AND t.id=19546 AND t.moved_to IS NULL |
| 0.00009 | SELECT search_for, replace_with FROM punbb_censoring |
| 0.00113 | SELECT u.email, u.title, u.url, u.location, u.use_avatar, u.signature, u.email_setting, u.num_posts, u.registered, u.admin_note, p.id, p.poster AS username, p.poster_id, p.poster_ip, p.poster_email, p.message, p.hide_smilies, p.posted, p.edited, p.edited_by, g.g_id, g.g_user_title, o.user_id AS is_online FROM punbb_posts AS p INNER JOIN punbb_users AS u ON u.id=p.poster_id INNER JOIN punbb_groups AS g ON g.g_id=u.group_id LEFT JOIN punbb_online AS o ON (o.user_id=u.id AND o.user_id!=1 AND o.idle=0) WHERE p.topic_id=19546 ORDER BY p.id LIMIT 0,25 |
| 0.00121 | UPDATE punbb_topics SET num_views=num_views+1 WHERE id=19546 |
| Total query time: 0.00619 s | |