From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-discuss/2012-September/008653.html | 150 ++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 zarb-ml/mageia-discuss/2012-September/008653.html (limited to 'zarb-ml/mageia-discuss/2012-September/008653.html') diff --git a/zarb-ml/mageia-discuss/2012-September/008653.html b/zarb-ml/mageia-discuss/2012-September/008653.html new file mode 100644 index 000000000..c12e7d0ae --- /dev/null +++ b/zarb-ml/mageia-discuss/2012-September/008653.html @@ -0,0 +1,150 @@ + + + + [Mageia-discuss] Setting up a port forward + + + + + + + + + +

[Mageia-discuss] Setting up a port forward

+ Anne Wilson + annew at kde.org +
+ Sat Sep 1 11:10:48 CEST 2012 +

+
+ +
-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+On 31/08/12 23:16, Deri James wrote:
+> On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote:
+>> Why not simply have sshd listen on 2 ports and skip need for
+>> port forwarding?
+>> 
+Thanks, Thomas and Deri.
+>> 
+>> Just uncomment the "Port 22" line in /etc/ssh/sshd_config and add
+>> a second line with the second port
+>> 
+>> so it would look like
+>> 
+>> Port 22 Port 5122
+>> 
+>> and restart sshd
+>> 
+>> with this all access that expects port 22 will continue to work, 
+>> and you can also access it through the new 5122 port.
+>> 
+>> Simple and effective, and no portforwarding needed.
+>> 
+Done
+
+> And add 5122/tcp to the "Advanced" tab in MCC -> Security ->
+> Personal Firewall (if you are using a personal firewall).
+> 
+Also done
+
+> If the server is accessible from the internet I would recommend
+> some further changes to sshd_conf. This is what I use (assuming
+> this is a server for personal use, not with hundreds of users
+> connecting):-
+> 
+> =================================================
+> 
+> LoginGraceTime 120
+
+Was 2m - I assume that is minutes and you gave seconds.  Changed it anyway
+
+> PermitRootLogin no
+> 
+> TCPKeepAlive yes
+> 
+Both already set
+
+> AllowUsers ->your user name here<- MaxStartups 2:90:4
+> 
+> ==================================================
+> 
+> The "MaxStartups" parameter deters the script kiddies trying to
+> guess the password:-
+> 
+> 
+> MaxStartups ========
+> 
+> Specifies the maximum number of concurrent unauthenticated
+> connections to the SSH daemon. Additional connections will be
+> dropped until authentication succeeds or the LoginGraceTime expires
+> for a connection. The default is 10.
+> 
+> Alternatively, random early drop can be enabled by specifying the
+> three colon separated values “start:rate:full” (e.g. "10:30:60").
+> sshd(8) will refuse connection attempts with a probability of
+> “rate/100” (30%) if there are currently “start” (10)
+> unauthenticated connections. The probability increases linearly and
+> all connection attempts are refused if the number of 
+> unauthenticated connections reaches “full” (60).
+> 
+Done.  Also fail2ban is installed, which should give another layer of
+protection.  I've used that for ~3 years, and in that time only seen
+3-4 times when it had to work, but work it did :-)
+
+Unfortunately, after adding the IMAP high port to shorewall and
+telling dovecot to listen to that port, I still can't get my Roaming
+mail profile to work.  I'll have to explore more later today.
+
+Thanks for the help so far.
+
+Anne
+- -- 
+Need KDE help? Try
+http://userbase.kde.org or
+http://forum.kde.org
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (GNU/Linux)
+Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
+
+iEYEARECAAYFAlBB0Q8ACgkQj93fyh4cnBcQigCfRwIxl7J7KMPepl+v4uSyW8HU
+Ge4An2h/UIKMlrnC/f7b8j0dlyBdT+xE
+=TKtn
+-----END PGP SIGNATURE-----
+
+ + + +
+

+ +
+More information about the Mageia-discuss +mailing list
+ -- cgit v1.2.1
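Review bot: the sshd_config samples in the archived message body have two directives fused onto one line, at "Port 22 Port 5122" and at "AllowUsers ->your user name here<- MaxStartups 2:90:4", even though the quoted text just above the first one says to "add a second line with the second port". sshd_config takes one keyword per line, and AllowUsers accepts a space-separated list of user patterns, so a reader copying the second sample would get "MaxStartups" and "2:90:4" treated as user names and no MaxStartups setting at all. Since this is a bulk import of archive HTML, please check against the source mbox whether the line breaks were already lost in the original mail (the reply is re-wrapped quoted text) or were dropped by the archive generation; if the latter, regenerate the page rather than committing it as is. Separately, the commit message is only the subject "Add zarb MLs html archives"; a short body saying where the archives came from and how the HTML was produced would make the 150-line file verifiable later.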