Blocking unauthorized access externally to SSH

Posted: Tue Sep 20, 2016 9:22 pm
by kjburto
So I set up a brand new server based off the latest ViciBox .iso, and I installed and configured the Dynamic Good Guys, following all the steps one by one. I have confirmed that web access is blocked to all traffic not on the whitelist, but just recently discovered that SSH is pretty much open to all.

I currently have two different NICs configured, one for external traffic with its own IP address and one configured for internal traffic with an internal IP address.

The question is how do I secure SSH to not allow traffic from unauthorized IP addresses? I did not see any steps within the directions for DGG about securing ssh externally so I'm at a loss as to how to do this.


VERSION: 2.12-565a BUILD: 160827-0917
Express install on Dell PowerEdge 1950, dual Xeon quad-core processors with 16GB RAM and 1TB hard drive in RAID 1

Re: Blocking unauthorized access externally to SSH

Posted: Tue Sep 20, 2016 9:57 pm
by kjburto
I'm going through my settings in YaST firewall, and under allowed services I still have SSH as allowed on my external NIC. According to the instructions on the DGG wiki it says DO NOT remove Secure Shell Server (that's SSH!!):

Allowed Services
"Tab" until you have highlighted "HTTP Server" and hit "Alt-t" (which is delete)
Yes, I really want to delete the selected entry (enter to select yes)
"Alt-t" again for HTTPS and delete it as well.
DO NOT remove Secure Shell Server (that's SSH!!)

So I didn't, but I am wondering if this is why I can still access SSH even though the IP is not whitelisted and should I remove that from the allowed services in order to secure my server further?

Re: Blocking unauthorized access externally to SSH

Posted: Tue Sep 20, 2016 10:37 pm
by covarrubiasgg
Yes, that is why, if you are 100% sure that you are not going to lock out the server and that it will not be very painful to get physical access to the server in case something goes wrong, go ahead and remove that rule, because it is unsafe to have ssh exposed to the world.
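
A check for the situation discussed in this thread, added here as an example (not code from the posters or from the ViciBox/DGG project): it reads a SuSEfirewall2 sysconfig file and reports whether SSH is still allowed from any source on the external zone, then checks a client IP against a whitelist before the rule is removed. It assumes the firewall is SuSEfirewall2 as configured through YaST; the whitelist file format, the function names and the sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 sysconfig file for SSH left open to
# every source on the external zone, and check a client IP against a whitelist.

# Print the value of NAME="..." from a sysconfig file (last assignment wins).
fw_value() {  # $1 = variable name, $2 = file
    sed -n "s/^[[:space:]]*$1=[\"']\{0,1\}\([^\"']*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

# Return 0 when SSH is allowed from any source on the external zone.
ssh_open_externally() {  # $1 = sysconfig file
    for svc in $(fw_value FW_CONFIGURATIONS_EXT "$1"); do
        if [ "$svc" = "sshd" ]; then return 0; fi
    done
    for port in $(fw_value FW_SERVICES_EXT_TCP "$1"); do
        case $port in
            ssh|22) return 0 ;;
            *:*)  # port range low:high
                if [ "${port%%:*}" -le 22 ] 2>/dev/null &&
                   [ "${port##*:}" -ge 22 ] 2>/dev/null; then return 0; fi ;;
        esac
    done
    return 1
}

# Exact-match lookup in a one-address-per-line whitelist file. The file format
# is an assumption of this example; CIDR entries are not expanded.
client_whitelisted() {  # $1 = IP, $2 = whitelist file
    grep -Fxq -- "$1" "$2"
}

# Demo on constructed sample data (documentation addresses, not a real host).
# On a live session the client IP is "${SSH_CLIENT%% *}".
demo_dir=$(mktemp -d)
printf '%s\n' 'FW_CONFIGURATIONS_EXT="sshd"' 'FW_SERVICES_EXT_TCP=""' > "$demo_dir/fw"
printf '%s\n' '203.0.113.10' '198.51.100.7' > "$demo_dir/whitelist"
if ssh_open_externally "$demo_dir/fw"; then
    echo "SSH is allowed from any source on the external zone"
fi
if client_whitelisted 192.0.2.55 "$demo_dir/whitelist"; then
    echo "client is whitelisted"
else
    echo "client is NOT whitelisted: removing the global SSH rule would lock it out"
fi
rm -rf "$demo_dir"
```

On a real host the file to pass to `ssh_open_externally` is `/etc/sysconfig/SuSEfirewall2`.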

Re: Blocking unauthorized access externally to SSH

Posted: Wed Sep 21, 2016 7:06 am
by kjburto
covarrubiasgg wrote: Yes, that is why, if you are 100% sure that you are not going to lock out the server and that it will not be very painful to get physical access to the server in case something goes wrong, go ahead and remove that rule, because it is unsafe to have ssh exposed to the world.


Yep that was it. Thanks for the help