Silly question time
Ive got me SME 6.0.1-01 server humming along very nicely and have learned a ton of linux stuff along the way.(I escaped from dowz, yay me!)
In my security tightning attempts I wanted to limit access to ssh to my home ip address (server is offsite).
I added my home ip to the local networks using the netmask 255.255.255.255 to limit to that IP alone,set remote access as same and allowed access to ssh from local networks only.
But when I tried to secure shell in, I get rejected.
After manualy editing the hosts.allow file and dropping the netmask off, i could connect.
Cue lots of learning about the e-smith template system
and e-smith::db system (which took a couple of weeks to find).
Finaly discovered (duh) that if i change the netmask to 255.255.255.254 I can connect in quite happily.
Question is this, im now allowing 2 ip's access ( i assume they are my ip and the next octet up ?) is that correct or am I off base ? Why when i restrict it to 1, do i get blocked ?
Also ive done some external security scans and they identified that there is a possible security problem in several areas :- SSh accepting ssh1 connections (I cant find where to specify only ssh2)
and somehow getting the ident service to give up user names, even tho im behind a router firewall thats only letting port 80,25,ssh and ftp (on non standard ports, ssh restrictd to my home ip at firewall as well)through.
Am I right in assuming that FTP is allowing them to do this ?
I know that its my messing with the standard setup that has raised these issues, im not questioning the SME security at all. Im just keen to get it tightend up now that ive got it setup the way I want it.
Thanks
4 Replies
639 Views