diff options
Diffstat (limited to 'zarb-ml/mageia-discuss/2012-September/008653.html')
| -rw-r--r-- | zarb-ml/mageia-discuss/2012-September/008653.html | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/2012-September/008653.html b/zarb-ml/mageia-discuss/2012-September/008653.html new file mode 100644 index 000000000..c12e7d0ae --- /dev/null +++ b/zarb-ml/mageia-discuss/2012-September/008653.html @@ -0,0 +1,150 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Setting up a port forward + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C5041D118.7090805%40kde.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008648.html"> + <LINK REL="Next" HREF="008656.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Setting up a port forward</H1> + <B>Anne Wilson</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C5041D118.7090805%40kde.org%3E" + TITLE="[Mageia-discuss] Setting up a port forward">annew at kde.org + </A><BR> + <I>Sat Sep 1 11:10:48 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="008648.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008656.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8653">[ date ]</a> + <a href="thread.html#8653">[ thread ]</a> + <a href="subject.html#8653">[ subject ]</a> + <a href="author.html#8653">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +On 31/08/12 23:16, Deri James wrote: +><i> On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote: +</I>>><i> Why not simply have sshd listen on 2 ports and skip need for +</I>>><i> port forwarding? +</I>>><i> +</I>Thanks, Thomas and Deri. +>><i> +</I>>><i> Just uncomment the "Port 22" line in /etc/ssh/sshd_config and add +</I>>><i> a second line with the second port +</I>>><i> +</I>>><i> so it would look like +</I>>><i> +</I>>><i> Port 22 Port 5122 +</I>>><i> +</I>>><i> and restart sshd +</I>>><i> +</I>>><i> with this all access that expects port 22 will continue to work, +</I>>><i> and you can also access it through the new 5122 port. +</I>>><i> +</I>>><i> Simple and effective, and no portforwarding needed. +</I>>><i> +</I>Done + +><i> And add 5122/tcp to the "Advanced" tab in MCC -> Security -> +</I>><i> Personal Firewall (if you are using a personal firewall). +</I>><i> +</I>Also done + +><i> If the server is accessible from the internet I would recommend +</I>><i> some further changes to sshd_conf. This is what I use (assuming +</I>><i> this is a server for personal use, not with hundreds of users +</I>><i> connecting):- +</I>><i> +</I>><i> ================================================= +</I>><i> +</I>><i> LoginGraceTime 120 +</I> +Was 2m - I assume that is minutes and you gave seconds. Changed it anyway + +><i> PermitRootLogin no +</I>><i> +</I>><i> TCPKeepAlive yes +</I>><i> +</I>Both already set + +><i> AllowUsers ->your user name here<- MaxStartups 2:90:4 +</I>><i> +</I>><i> ================================================== +</I>><i> +</I>><i> The "MaxStartups" parameter deters the script kiddies trying to +</I>><i> guess the password:- +</I>><i> +</I>><i> +</I>><i> MaxStartups ======== +</I>><i> +</I>><i> Specifies the maximum number of concurrent unauthenticated +</I>><i> connections to the SSH daemon. Additional connections will be +</I>><i> dropped until authentication succeeds or the LoginGraceTime expires +</I>><i> for a connection. The default is 10. +</I>><i> +</I>><i> Alternatively, random early drop can be enabled by specifying the +</I>><i> three colon separated values “start:rate:full” (e.g. "10:30:60"). +</I>><i> sshd(8) will refuse connection attempts with a probability of +</I>><i> “rate/100” (30%) if there are currently “start” (10) +</I>><i> unauthenticated connections. The probability increases linearly and +</I>><i> all connection attempts are refused if the number of +</I>><i> unauthenticated connections reaches “full” (60). +</I>><i> +</I>Done. Also fail2ban is installed, which should give another layer of +protection. I've used that for ~3 years, and in that time only seen +3-4 times when it had to work, but work it did :-) + +Unfortunately, after adding the IMAP high port to shorewall and +telling dovecot to listen to that port, I still can't get my Roaming +mail profile to work. I'll have to explore more later today. + +Thanks for the help so far. + +Anne +- -- +Need KDE help? Try +<A HREF="http://userbase.kde.org">http://userbase.kde.org</A> or +<A HREF="http://forum.kde.org">http://forum.kde.org</A> +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) +Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A> + +iEYEARECAAYFAlBB0Q8ACgkQj93fyh4cnBcQigCfRwIxl7J7KMPepl+v4uSyW8HU +Ge4An2h/UIKMlrnC/f7b8j0dlyBdT+xE +=TKtn +-----END PGP SIGNATURE----- +</PRE> + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008648.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008656.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8653">[ date ]</a> + <a href="thread.html#8653">[ thread ]</a> + <a href="subject.html#8653">[ subject ]</a> + <a href="author.html#8653">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |