similar to: OT: closing a port on home router

On Sat, Sep 12, 2015 at 04:26:09PM -0700, John R Pierce wrote: > On 9/12/2015 4:16 PM, Fred Smith wrote: > >I'm wanting to close port 22 (ssh) on my home router, and I don't see any > >facilities in its GUI for doing that. > > inbound ports that aren't forwarded are closed by default on most > any/all NAT routers, unless the router itself is listening to said

Hello, with CentOS 6.2 - is it possible to configure OpenSSH daemon to listen on different IPs _and_ ports? I have received a 2nd IP address for my server and have successfully configured by adding the new "/etc/sysconfig/network-scripts/ifcfg-eth0:1" file. I'd like SSHd to keep listening at the_old_ip:22 but also at the_new_ip:443. The 443 on the_old_ip is already taken by

On Sat, Sep 12, 2015 at 08:23:14PM -0400, Scott Robbins wrote: > On Sat, Sep 12, 2015 at 04:26:09PM -0700, John R Pierce wrote: > > On 9/12/2015 4:16 PM, Fred Smith wrote: > > > > >I'm wanting to close port 22 (ssh) on my home router, and I don't see any > > >facilities in its GUI for doing that. > > > > inbound ports that aren't

If all ListenAddress lines in the sshd_config file specify a port, then the -p option to sshd is silently ignored: # cat test_sshd_config2 ListenAddress 0.0.0.0:22 ListenAddress 0.0.0.0:2222 # `pwd`/sshd -D -d -p 4411 -f test_sshd_config2 debug1: sshd version OpenSSH_4.2p1 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1

Hi, I'm interested in the ability to block ssh logins (or alternatively, not have sshd answer client requests) for certain hostnames that are DNS CNAME aliases to the canonical name for a given IP address. To tell you the truth, I don't think this is currently possible through this setup, and may look further to try to block it at the firewall, but that's a different discussion... :)

https://bugzilla.netfilter.org/show_bug.cgi?id=1185 Bug ID: 1185 Summary: counter flag proposal for sets and maps Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: enhancement Priority: P5 Component: nft Assignee: pablo at netfilter.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2624 Bug ID: 2624 Summary: ListenAddress and Port directives only accept a single value Product: Portable OpenSSH Version: 7.3p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

On 9/22/2015 1:45 PM, Fred Smith wrote: > Actually, connecting to port 22 works fine, or did until my last hacking > session on the router. Which is why I wanted to make it inaccessible. if you're forwarding WAN port 2222, I do not understand what your router is doing with port 22, unless the router itself is also running a sshd -- john r pierce, recycling bits in santa cruz

On Tue, 2015-09-22 at 18:52 -0400, Fred Smith wrote: > well, not 2222, but another port I won't identify here, and it > is forwarded to 22 on my linux box. Could an 'idea' also be to close permanently port 22 and configure SSH to use a completely different port ? Inviting hackers by having a functioning, in one way or another, port 22 is asking for trouble. -- Regards,

rhbz#698650 Signed-off-by: Joey Boggs <jboggs at redhat.com> --- scripts/network.py | 3 +- scripts/ovirt-config-setup.py | 46 +++++++++++++++++++++++++++++++++------- scripts/ovirtfunctions.py | 22 +++++++++++-------- 3 files changed, 53 insertions(+), 18 deletions(-) diff --git a/scripts/network.py b/scripts/network.py index ccc4bd8..f51ee7c 100644 ---

rhbz#698650 Signed-off-by: Joey Boggs <jboggs at redhat.com> --- scripts/network.py | 3 +- scripts/ovirt-config-setup.py | 48 ++++++++++++++++++++++++++++++++++------ scripts/ovirtfunctions.py | 20 ++++++++++------ 3 files changed, 54 insertions(+), 17 deletions(-) diff --git a/scripts/network.py b/scripts/network.py index ccc4bd8..f51ee7c 100644 ---

On 9/12/2015 9:44 PM, Fred Smith wrote: > > yes, there is port forwarding, of course. I'm forwarding a different > port to 22 on my desktop, and want to close 22 on the router so it won't > also allow access to 22 on my desktop. If you have not set up forwarding for port 22 on the router, it is already closed. You do not need to do anything. If you want to verify this, just

https://bugzilla.netfilter.org/show_bug.cgi?id=1439 Bug ID: 1439 Summary: Atomically updating/reloading a large set with nft -f is excessively slow Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: enhancement Priority: P5

hello: I have 3 data.frame objects. First df object: Of dim (149,31). Columns 2:31 are marked as T1..T14 and N1..N16. Name T1 T2 N1 T3 N2 N3 N4 T4 mu1 10 10 9 10 9 9 8 10 mu2 11 11 9 11 9 9 9 11 ... muN 12 12 9 11 9 9 8 12 Second df object: of Dim (50000,31). Columns 2:31 are maked as T1...T14 and N1..N16.

On Tue, 30 Jun 2015, Damien Miller wrote: | On Mon, 29 Jun 2015, Tim Rice wrote: | | > On Tue, 30 Jun 2015, Damien Miller wrote: | > | > | I think we should just disable the test if the host doesn't support IPv6. | > | | > | diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh | > | index 7f377d8..e19b4d0 100644 | > | --- a/regress/cfgparse.sh | > | +++

I've been running Tinc on my routers for several years. I thought I'd do an integration of tinc with gui in Tomato firmware because I find it useful. It's been working well for me, but I'm sure there's there's a bug or two, or something I've overlooked. Let me know of anything and I'll correct it in a future release. I created a tutorial for Tomato users here.

https://bugzilla.netfilter.org/show_bug.cgi?id=1114 Bug ID: 1114 Summary: set: Can't add elements after flushing a full set with size description Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5

On Tue, Sep 22, 2015 at 03:09:18PM -0700, John R Pierce wrote: > On 9/22/2015 1:45 PM, Fred Smith wrote: > >Actually, connecting to port 22 works fine, or did until my last hacking > >session on the router. Which is why I wanted to make it inaccessible. > > if you're forwarding WAN port 2222, I do not understand what your > router is doing with port 22, unless the

How do I compile OpenSSH so that I can use: ListenAddress 0.0.0.0 in my sshd_config file ? Currently I get: [root at dark openssh-2.2.0p1]# sshd -d debug: sshd version OpenSSH_2.2.0p1 debug: Seeding random number generator debug: read DSA private key done debug: Seeding random number generator error: getnameinfo failed fatal: Cannot bind any address. if I try to use "ListenAddress

On Tue, 30 Jun 2015, Damien Miller wrote: | I think we should just disable the test if the host doesn't support IPv6. | | diff --git a/regress/cfgparse.sh b/regress/cfgparse.sh | index 7f377d8..e19b4d0 100644 | --- a/regress/cfgparse.sh | +++ b/regress/cfgparse.sh | @@ -3,6 +3,12 @@ | | tid="config parse" | | +# Possessing struct addrinfo is a reasonable proxy for IPv6