Diffstat (limited to 'zarb-ml/mageia-discuss/2012-September/008656.html')
-rw-r--r-- | zarb-ml/mageia-discuss/2012-September/008656.html | 155 |
1 files changed, 155 insertions, 0 deletions
diff --git a/zarb-ml/mageia-discuss/2012-September/008656.html b/zarb-ml/mageia-discuss/2012-September/008656.html new file mode 100644 index 000000000..5ac593cae --- /dev/null +++ b/zarb-ml/mageia-discuss/2012-September/008656.html 
@@ -0,0 +1,155 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-discuss] Setting up a port forward + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C504255C4.50702%40kde.org%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="008653.html"> + <LINK REL="Next" HREF="008649.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-discuss] Setting up a port forward</H1> + <B>Anne Wilson</B> + <A HREF="mailto:mageia-discuss%40mageia.org?Subject=Re%3A%20%5BMageia-discuss%5D%20Setting%20up%20a%20port%20forward&In-Reply-To=%3C504255C4.50702%40kde.org%3E" + TITLE="[Mageia-discuss] Setting up a port forward">annew at kde.org + </A><BR> + <I>Sat Sep 1 20:36:52 CEST 2012</I> + <P><UL> + <LI>Previous message: <A HREF="008653.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008649.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8656">[ date ]</a> + <a href="thread.html#8656">[ thread ]</a> + <a href="subject.html#8656">[ subject ]</a> + <a href="author.html#8656">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +On 01/09/12 10:10, Anne Wilson wrote: +><i> On 31/08/12 23:16, Deri James wrote: +</I>>><i> On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote: +</I>>>><i> Why not simply have sshd listen on 2 ports and skip need for +</I>>>><i> port forwarding? +</I>>>><i> +</I>><i> Thanks, Thomas and Deri. 
+</I>>>><i> +</I>>>><i> Just uncomment the "Port 22" line in /etc/ssh/sshd_config and +</I>>>><i> add a second line with the second port +</I>>>><i> +</I>>>><i> so it would look like +</I>>>><i> +</I>>>><i> Port 22 Port 5122 +</I>>>><i> +</I>>>><i> and restart sshd +</I>>>><i> +</I>>>><i> with this all access that expects port 22 will continue to +</I>>>><i> work, and you can also access it through the new 5122 port. +</I>>>><i> +</I>>>><i> Simple and effective, and no portforwarding needed. +</I>>>><i> +</I>><i> Done +</I>><i> +</I>>><i> And add 5122/tcp to the "Advanced" tab in MCC -> Security -> +</I>>><i> Personal Firewall (if you are using a personal firewall). +</I>><i> +</I>><i> Also done +</I>><i> +</I>>><i> If the server is accessible from the internet I would recommend +</I>>><i> some further changes to sshd_conf. This is what I use (assuming +</I>>><i> this is a server for personal use, not with hundreds of users +</I>>><i> connecting):- +</I>><i> +</I>>><i> ================================================= +</I>><i> +</I>>><i> LoginGraceTime 120 +</I>><i> +</I>><i> Was 2m - I assume that is minutes and you gave seconds. Changed +</I>><i> it anyway +</I>><i> +</I>>><i> PermitRootLogin no +</I>><i> +</I>>><i> TCPKeepAlive yes +</I>><i> +</I>><i> Both already set +</I>><i> +</I>>><i> AllowUsers ->your user name here<- MaxStartups 2:90:4 +</I>><i> +</I>>><i> ================================================== +</I>><i> +</I>>><i> The "MaxStartups" parameter deters the script kiddies trying to +</I>>><i> guess the password:- +</I>><i> +</I>><i> +</I>>><i> MaxStartups ======== +</I>><i> +</I>>><i> Specifies the maximum number of concurrent unauthenticated +</I>>><i> connections to the SSH daemon. Additional connections will be +</I>>><i> dropped until authentication succeeds or the LoginGraceTime +</I>>><i> expires for a connection. The default is 10. 
+</I>><i> +</I>>><i> Alternatively, random early drop can be enabled by specifying the +</I>>><i> three colon separated values “start:rate:full” (e.g. +</I>>><i> "10:30:60"). sshd(8) will refuse connection attempts with a +</I>>><i> probability of “rate/100” (30%) if there are currently “start” +</I>>><i> (10) unauthenticated connections. The probability increases +</I>>><i> linearly and all connection attempts are refused if the number of +</I>>><i> unauthenticated connections reaches “full” (60). +</I>><i> +</I>><i> Done. Also fail2ban is installed, which should give another layer +</I>><i> of protection. I've used that for ~3 years, and in that time only +</I>><i> seen 3-4 times when it had to work, but work it did :-) +</I>><i> +</I>><i> Unfortunately, after adding the IMAP high port to shorewall and +</I>><i> telling dovecot to listen to that port, I still can't get my +</I>><i> Roaming mail profile to work. I'll have to explore more later +</I>><i> today. +</I>><i> +</I>><i> Thanks for the help so far. +</I>><i> +</I>Just to confirm - the IMAP forwarding still isn't working, so I have to +explore further on that but ssh is working. + +Anne +- -- +Need KDE help? 
Try +<A HREF="http://userbase.kde.org">http://userbase.kde.org</A> or +<A HREF="http://forum.kde.org">http://forum.kde.org</A> +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (GNU/Linux) +Comment: Using GnuPG with Mozilla - <A HREF="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</A> + +iEYEARECAAYFAlBCVboACgkQj93fyh4cnBdWygCfe8BAki5aJnUk4RtqNHTrZvFH +N5wAnR/lxpt0xKsX2+kbZ+ITtcbwwdsT +=Nv9n +-----END PGP SIGNATURE----- +</PRE> + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="008653.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI>Next message: <A HREF="008649.html">[Mageia-discuss] Setting up a port forward +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#8656">[ date ]</a> + <a href="thread.html#8656">[ thread ]</a> + <a href="subject.html#8656">[ subject ]</a> + <a href="author.html#8656">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-discuss">More information about the Mageia-discuss +mailing list</a><br> +</body></html> |
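Review bot: inside the `<PRE>` block, between `-----BEGIN PGP SIGNED MESSAGE-----` and `-----END PGP SIGNATURE-----`, the archiver has inserted display markup into the clearsigned text (the `<i>`/`</I>` wrappers on every quoted line and the `<A HREF="http://userbase.kde.org">` links in the signature footer). The signature therefore cannot be checked against this file as committed. If readers are expected to verify archived posts, commit the raw message alongside the HTML, or state in the commit message that the HTML copy is display-only. A smaller style point: the element case is inconsistent (`<LI>` closed by `</li>`, `<BODY>` closed by `</body></html>`). That is harmless to a browser, but it is worth normalising if these 155 lines are ever post-processed by a stricter parser.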