Request for a Lockdown option
Manon Goo
manon.goo at dg-i.net
Thu Jul 4 09:41:15 AEST 2024
Dear Christian,
>How is this different to configuring /etc/securetty and tunnelling
>Telnet over SSH Port Forwarding which I don't recommend BTW?
In case your SSH is remotely attackable, for instance
- because your LDAP is configured wrongly,
- you run into some problem like CVE-2008-0166,
- some users' private keys are lost,
and you want to lock down the sshd and investigate and fix the problem, then your solution may not be helpful because SSH is still exposed and attackable.
The solution I do propose is an alternative to Port-Knocking or packet filtering because it aims to un-expose the vulnerability of ssh and give the Administrators some time to fix the problems.
Kind Regards
Manon
More information about the openssh-unix-dev mailing list