[H-GEN] iptables autoblocking
David O'Brien
dob12460 at bigpond.net.au
Fri Jul 22 00:12:19 EDT 2005
On Friday 22 July 2005 13:59, Troy Piggins wrote:
> * David O'Brien <dob12460 at bigpond.net.au> :
> > On Thursday 21 July 2005 07:44, Troy Piggins wrote:
>
> [snip]
>
> > > Firstly, and you hopefully have done this already, is to not
> > > permit root to login.
> > >
> > > Secondly, if it's only you or a couple of users that use ssh,
> > > restrict the allowed users to just those few usernames.
> > >
> > > /etc/ssh/sshd_config:
> > >   PermitRootLogin no
> > >   AllowUsers anthony
> >
> > I use root to ssh into my linux box at home to do a port redirect
> > so I can use xchat/IRC from the office. If I were to change
> > PermitRootLogin to no, will that stop that? Sounds like it. It's
> > the only way I can use IRC from the office. I need to do it as
> > root because a "normal" user can't do port redirects.
>
> Why can't you log in as a normal user, and use sudo or su to root to
> achieve your task? You really don't need to actually log in as root
> to execute commands as root.

I actually got the command string from someone else. What I do is run xchat on
my box in the office, but when I try to connect to the IRC server, the
request is sent through ssh to my home box, which can use 6667 (office blocks
them). I'm not 100% familiar with *all* the redirects, etc., that occur, but
I was under the impression that I needed a root connection to do it. If I
can do it as a normal user, great. I'll be back in the office next week so
I'll try it.

For other tasks, yes, I just connect as myself and then su to root if I need
to.

cheers
David
--
The trouble with the gene pool is that there are no lifeguards
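
An added example, not part of the original thread: a Python check of the two sshd_config settings quoted above (PermitRootLogin and AllowUsers). The function name, the sample configurations and the expected user set are constructed for illustration; the check relies on sshd using the first value it reads for a single-valued keyword while AllowUsers lines accumulate, and it reads only the global section before any Match block.

```python
import re
import shlex

# sshd accepts both "Keyword value" and "Keyword=value".
LINE = re.compile(r"^(\S+?)(?:\s*=\s*|\s+)(.*)$")

def audit_sshd_config(text, expected_users):
    """Return findings for the global section of an sshd_config file."""
    root_login = None   # single-valued keyword: first occurrence wins
    allow_users = []    # AllowUsers lines accumulate
    saw_match = False
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE.match(line)
        if line.startswith("#") or not m:
            continue
        key = m.group(1).lower()            # keywords are case-insensitive
        args = shlex.split(m.group(2), comments=True)
        if key == "match":                  # conditional section starts here
            saw_match = True
            break
        if key == "permitrootlogin" and args and root_login is None:
            root_login = args[0].lower()
        elif key == "allowusers":
            allow_users.extend(args)        # entries may be user@host patterns
    findings = []
    if root_login is None:
        findings.append("PermitRootLogin is not set explicitly")
    elif root_login != "no":
        findings.append(f"PermitRootLogin is '{root_login}', expected 'no'")
    unexpected = sorted(set(allow_users) - set(expected_users))
    if not allow_users:
        findings.append("AllowUsers is not set")
    elif unexpected:
        findings.append("AllowUsers permits unexpected names: " + ", ".join(unexpected))
    if saw_match:
        findings.append("Match block present; its overrides were not evaluated")
    return findings

# Constructed samples, not taken from the thread.
HARDENED = "PermitRootLogin no\nAllowUsers anthony\n"
SHADOWED = """# the later 'no' never takes effect
PermitRootLogin yes
PermitRootLogin no
AllowUsers anthony
AllowUsers root
"""

if __name__ == "__main__":
    for name, cfg in (("HARDENED", HARDENED), ("SHADOWED", SHADOWED)):
        print(name, audit_sshd_config(cfg, {"anthony"}))
```
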