HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=25)
-   -   Restrict ssh local network discovery (http://www.howtoforge.com/forums/showthread.php?t=51523)

nopsx 19th February 2011 02:54

Restrict ssh local network discovery
 
I'm about to start on a project in a hosting environment, mostly developing the front end application for clients to setup their hosts. Anyway, i'm getting familiar with ispconfig 3 on a Centos 5.5 server, i've been tearing through the manual and other rhel manuals.

I'm not sure if this is something I should be doing on the OS itself or in ispconfig, but when I create a 'test' client and ssh (using jailkit) into their environment, using the ssh client inside the jail, i'm able to connect to other machines on the LAN. This is an issue where a client could pivot attacks into the internal network, or at the least, the host of the ispconfig machine.

Should I be mitigating this with firewall rules inside ispconfig? Any help would be appreciated, i'm trying to learn as much as possible about the hosting environment before designing an application around it.

falko 19th February 2011 16:26

I guess you can solve this problem with an iptables rule. In addition to that you could install fail2ban on all your hosts so that attackers would be blocked.


All times are GMT +2. The time now is 04:29.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.