Openssh port forwarding and TCP Wrappers - SSH


  1. Openssh port forwarding and TCP Wrappers

    Hi

    I'm trying to improve the security (using TCP Wrappers) of access to
    certain ports on a server that are forwarded via OpenSSH and have seen
    various mails talking about use of

    sshfwd-XXXX in /etc/hosts.allow...

    Can anyone confirm whether this is current functionality in OpenSSH 3.5
    (and newer) or is it out of date info.

    TIA

    Bertus
    bertiebones@gmail.com


  2. Re: Openssh port forwarding and TCP Wrappers

    >>>>> "BB" == bertiebones writes:

    BB> Hi I'm trying to improve the security (using TCP Wrappers) of
    BB> access to certain ports on a server that are forwarded via OpenSSH
    BB> and have seen various mails talking about use of

    BB> sshfwd-XXXX in /etc/hosts.allow...

    BB> Can anyone confirm whether this is current functionality in OpenSSH
    BB> 3.5 (and newer) or is it out of date info.

    This was never part of OpenSSH, but rather Tectia (ssh.com).

    BB> TIA

    BB> Bertus bertiebones@gmail.com


    --
    Richard Silverman
    res@qoxp.net


  3. Re: Openssh port forwarding and TCP Wrappers

    Richard E. Silverman wrote:

    > BB> sshfwd-XXXX in /etc/hosts.allow...
    >
    > BB> Can anyone confirm whether this is current functionality in OpenSSH
    > BB> 3.5 (and newer) or is it out of date info.
    >
    > This was never part of OpenSSH, but rather Tectia (ssh.com).
    >



    Thanks...

    Any pointers on the best way of securing SSH forwarded ports?

    I know netfilter/iptables is a possibility, but not terribly suitable
    since we have road warriors who need to access these ports from
    anywhere, often via dial-up Internet connections, and hence I need to
    allow access from certain ISP domains ..

    Another might seem to be xinetd, where I define an inetd service
    monitored by TCP wrappers and this starts up the tunnel when an attempt
    to connect to the forwarded port occurs, only problem with this is I'm
    not sure how I get it just to start the tunnel once, when several
    attempts to use the tunnel are likely. I suppose a wrapper that checks
    for the existence of the port is possible.

    Any hints appreciated..

    TIA

    Bertus
    bertiebones@gmail.com
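
The start-once wrapper raised in the last post, written out as an added example (not code from the thread, OpenSSH or xinetd). It assumes xinetd, with TCP Wrappers applied to its service entry, runs the script with `--relay` for each accepted connection; the lock path, ports and host names are hypothetical placeholders.

```sh
#!/bin/sh
# Added example: start-once wrapper for an xinetd-launched SSH tunnel.
# Every path, port and host below is a hypothetical placeholder.
LOCKDIR="${LOCKDIR:-/var/run/sshtunnel.lock}"   # mkdir is atomic, so it works as a mutex
LPORT="${LPORT:-8025}"                          # loopback port the tunnel listens on
TUNNEL_HOST="${TUNNEL_HOST:-gateway.example.org}"
TARGET="${TARGET:-127.0.0.1:25}"                # destination as seen from TUNNEL_HOST

# True when something is already listening on the tunnel's loopback port.
tunnel_up() { nc -z 127.0.0.1 "$LPORT" >/dev/null 2>&1; }

# Start the forward bound to loopback only; key-based authentication is assumed.
start_tunnel() {
    ssh -f -N -o BatchMode=yes -L "127.0.0.1:$LPORT:$TARGET" "$TUNNEL_HOST"
}

# Bring the tunnel up exactly once, even when several connections arrive together.
ensure_tunnel() {
    tunnel_up && return 0
    tries=0
    # Only one caller wins the mkdir; the others wait for the winner's tunnel.
    until mkdir "$LOCKDIR" 2>/dev/null; do
        tunnel_up && return 0
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && return 1     # give up rather than pile up xinetd children
        sleep 1
    done
    rc=0
    tunnel_up || start_tunnel || rc=1       # re-check under the lock before starting
    rmdir "$LOCKDIR"
    return "$rc"
}

# xinetd hands the accepted client socket to this script as stdin/stdout.
if [ "${1:-}" = "--relay" ]; then
    ensure_tunnel || exit 1
    exec nc 127.0.0.1 "$LPORT"
fi
```

Checking the port alone is a check-then-start race when two connections arrive at once, which is why the start happens under the lock. A lock directory left behind by a killed wrapper has to be removed by hand.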

