Netfilter, owner match and ssh
Kilobug
kilobug@club-internet.fr
Mon, 15 Oct 2001 21:32:36 +0200
Hello,
I want to allow ssh access to a computer, but not for the root user. I know
there is the "AllowRootLogin" option of ssh. But the main point is that
if a security flaw (like a buffer overflow) is found in ssh, this option
can be bypassed.
So my idea was to do:
iptables -A OUTPUT -m owner --uid-owner 0 -j DROP
But this blocks all ssh, because the key exchange and password/key
identification is done while sshd runs as root. Is there a way to allow
the first step of the ssh connection to pass, but close the connection
after a given amount of data, or anything else?
Thank you
--
** Gael Le Mignot, Ing3 EPITA, Coder of The Kilobug Team **
Home Mail : kilobug@freesurf.fr Work Mail : le-mig_g@epita.fr
GSM : 06.71.47.18.22 (in France) ICQ UIN : 7299959
Web : http://kilobug.freesurf.fr or http://drizzt.dyndns.org
"Software is like sex it's better when it's free.", Linus Torvalds