Re: OpenSSH 3.4p1 Trouble on SCO 5.0.5 -- use a VPN instead?



On Wed, Mar 26, 2008, jd wrote:


On Wed, 26 Mar 2008, Nico Kadel-Garcia wrote:

On 25 Mar, 09:12, Rob <r...@xxxxxxxxxxx> wrote:

Steve,

What about using tcp_wrappers to perform a "route delete" on the offending IP?

If memory serves, there was a port of tcp_wrapper for SCO OS5, TLS076a,
on the FTP site:

ftp://ftp.sco.com/pub/TLS/tls076a.tcp_wrappers.tar.Z

Hope this helps!

If our faithful here only needs SSH access from a small set of well-
maintained sites, that might work well. However, if he has clients who
use NAT on their ISP networks (such as AOL, which uses 10.* internal
addresses), then the tcp_wrapper will block the NAT and everything
behind the NAT server.

We use tcp_wrappers extensively, and absolutely require it when
allowing username/password authentication via SSH. Normally we
only permit authentication via authorized_keys, with good pass
phrases, with tcp_wrappers not restricting sshd access (it's used
for many other services).

Then perhaps a VPN (such as OpenVPN) is a more appropriate solution for
remote access, instead of SSH (although SSH can be used over the VPN).

OpenVPN is great -- unless one has high packet loss as it
normally runs with UDP. I particularly like it for Windows users
as it doesn't require that they think much to use it. We
generate a zip file with the configuration files and keys that
they can just drop in the correct place.

Bill
--
INTERNET: bill@xxxxxxxxxxxxx Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676

Those who cast the vote decide nothing.
Those who count the vote decide everything. (Joseph Stalin)
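
The rule described in the message above (password logins only behind tcp_wrappers, otherwise keys only) can be checked mechanically. This is an added example, not part of the original thread: a Python audit over the text of sshd_config, hosts.allow and hosts.deny. The function names and sample file contents are constructed; it assumes sshd is built with libwrap, and it does not handle the EXCEPT operator or Match blocks.

```python
import re

def sshd_option(config_text, keyword, default):
    """Effective value of an sshd_config keyword (the first occurrence wins)."""
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].replace("=", " ", 1).split()
        if len(parts) >= 2 and parts[0].lower() == keyword.lower():
            return parts[1].lower()
    return default

def wrapper_rules(text):
    """Yield (daemons, clients) token sets from hosts.allow / hosts.deny text."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        fields = line.split(":")
        daemons, clients = (set(re.split(r"[,\s]+", f.strip())) for f in fields[:2])
        if "EXCEPT" in daemons | clients:
            raise ValueError("EXCEPT operator not handled: " + line)
        yield daemons, clients

def matches_everyone(text, daemon="sshd"):
    """True if some rule covers `daemon` (or ALL daemons) for client ALL."""
    return any((daemon in d or "ALL" in d) and "ALL" in c
               for d, c in wrapper_rules(text))

def audit(sshd_config, hosts_allow, hosts_deny):
    """Classify a host against the passwords-need-wrappers rule."""
    # PasswordAuthentication defaults to "yes" when the keyword is absent.
    passwords = sshd_option(sshd_config, "PasswordAuthentication", "yes") == "yes"
    # hosts.allow is consulted first; sshd is limited only if everyone is
    # denied by hosts.deny and hosts.allow does not re-open it to ALL.
    restricted = matches_everyone(hosts_deny) and not matches_everyone(hosts_allow)
    if not passwords:
        return "ok: key-only authentication"
    if restricted:
        return "ok: passwords allowed, sshd limited by tcp_wrappers"
    return "violation: passwords allowed from any address"

# Constructed sample files (192.0.2.0/24 is a documentation network).
KEYS_ONLY = "PubkeyAuthentication yes\nPasswordAuthentication no\n"
PASSWORDS = "#PasswordAuthentication no\nPasswordAuthentication yes\n"
ALLOW = "sshd: 192.0.2.0/255.255.255.0\n"
DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for cfg, allow, deny in [(KEYS_ONLY, "", ""), (PASSWORDS, ALLOW, DENY),
                             (PASSWORDS, "", "")]:
        print(audit(cfg, allow, deny))
```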