Firewall Wizards mailing list archives

Re: Issues opening firewall for SSH/SecureFTP?


From: Frank Knobbe <frank () knobbe us>
Date: Thu, 12 Aug 2004 15:16:26 -0500

On Mon, 2004-08-09 at 14:34, Chris Conacher wrote:
> 3. I understand that SSH is a great opportunity for tunneling attacks if an
> exploit is discovered, but I feel that it is possible to manage this
> exposure through the existence of a DMZ based bastion host, rather than
> providing external people with access to the VPN.


If you configure the host-based firewall of the SSH server so that no
outbound connections are allowed, and further shield outbound (and
inbound of course) access with a network-based firewall, then I don't see
much ability for your users/contractors to misuse SSH for tunneling
purposes.

Keep your host security tight and perhaps only run a secure SFTP server,
and not the normal SSH server, so that folks cannot log in and get a
shell (in other words, only provide SFTP service, not secure SHELL
access). 

Hope this helps,
Frank
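
Added example, not part of the original message: one way to check that an OpenSSH server is limited to SFTP with no shell and no tunnelling, as the reply recommends. It assumes current OpenSSH `sshd_config` keywords (`ForceCommand internal-sftp`, `AllowTcpForwarding`, `PermitTTY` and so on), which the message itself does not name; the function names and both sample configurations are constructed for illustration.

```python
# Added example (not from the original message). Keywords and defaults follow
# OpenSSH's sshd_config(5); both sample configurations below are constructed.
DEFAULTS = {"forcecommand": "none", "allowtcpforwarding": "yes",
            "allowagentforwarding": "yes", "x11forwarding": "no",
            "permittunnel": "no", "permittty": "yes"}
# Posture from the message: SFTP service only, no shell, no tunnelling.
REQUIRED = {"forcecommand": "internal-sftp", "allowtcpforwarding": "no",
            "allowagentforwarding": "no", "x11forwarding": "no",
            "permittunnel": "no", "permittty": "no"}

def effective_global(config_text):
    """Global settings (sshd keeps the first value per keyword), plus a flag
    that is True when a Match block follows the global section."""
    settings, seen = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        words = raw.strip().replace("=", " ", 1).split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()
        if keyword == "match":
            return settings, True  # conditional overrides are not evaluated here
        if keyword in DEFAULTS and keyword not in seen and len(words) > 1:
            seen.add(keyword)
            settings[keyword] = words[1].lower()
    return settings, False

def audit(config_text):
    """List every setting that still permits a shell or a tunnel."""
    settings, has_match = effective_global(config_text)
    findings = [f"{key}: want {want}, effective {settings[key]}"
                for key, want in REQUIRED.items() if settings[key] != want]
    if has_match:
        findings.append("match: blocks present, review their overrides by hand")
    return findings

WEAK = """# constructed: stock-style config, shell and forwarding left on
Subsystem sftp /usr/lib/openssh/sftp-server
X11Forwarding yes
"""
HARDENED = """# constructed: SFTP-only service
Subsystem sftp internal-sftp
ForceCommand internal-sftp
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no
PermitTunnel no
PermitTTY no
"""
if __name__ == "__main__":
    print({n: audit(t) or "ok" for n, t in (("WEAK", WEAK), ("HARDENED", HARDENED))})
```

The check covers only the daemon's global section; the host-based and network firewall rules the message also calls for have to be verified separately.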
