
Mikehuang

macrumors newbie
Original poster
Mar 27, 2014
Hello all
I'd like to know how I can block all incoming/outgoing traffic except ssh?
Even the website access... outgoing/incoming. Except ssh.

Also how to enable ssh access will be appreciated.

Thank you !
 
SSH access for *nix (which is what Mac OS is at base....we can argue linux/unix/bsd later....when I run damn near all commands on basically the same, we are starting to hit semantics really, in my more open view of things) is handled via editing a file. A quick Google search found this.

http://hints.macworld.com/article.php?story=20031006145736131


This would be how I do it on other Linux OSes...so it looks right (have not fired up the MBP to see if the location is good tbh). Mac OS being GUI based, I would imagine if you added user accounts with admin rights they get this automatically. Someone please correct if wrong. But you don't want every SSH user being admins regardless.

Most *nix based OS's I know of have at least SSH on at client level out of the box.


For SSH server configuration what are you looking at exactly? If you want port shutdown I am assuming a dedicated server. You'd have to pick an OS flavor for this server and read up on their configs. The basic principles are the same but file locations will vary.

I'd also steer you away from SSH-port-only communication. If you lock down all ports besides 22 (by default) life is getting real interesting real fast for you as services break. If you choose, say, CentOS for an SSH server OS and type sudo yum -y update, it's going to spit out a lot of cannot find repository messages. You need a few ports open to get updates.
Research these based on the OS you choose.
 
I'd also steer you away from SSH-port-only communication. If you lock down all ports besides 22 (by default) life is getting real interesting real fast for you as services break. If you choose, say, CentOS for an SSH server OS and type sudo yum -y update, it's going to spit out a lot of cannot find repository messages. You need a few ports open to get updates.
Research these based on the OS you choose.

So the OP just needs to make sure there is no outbound filtering in place... then no problem.
 
System Preferences -> Sharing -> Remote Login (checked) for ssh/sftp.

You can play with iptables (or whatever they call it now) and silently drop packets to other ports. But if you don't need stealth mode you can easily turn off web, filesharing, etc., but if someone tries to connect they will get a "connection refused" instead of timeouts to those ports.
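
An added example, not part of any post above: a pf ruleset for the setup discussed in this thread (macOS uses pf rather than iptables). It assumes sshd listens on the default port 22 and that this file is loaded as the complete active ruleset; the file name is hypothetical.

```conf
# ssh-only.pf.conf: constructed example, file name is hypothetical.
# Syntax check only:   sudo pfctl -nf ssh-only.pf.conf
# Load and enable:     sudo pfctl -f ssh-only.pf.conf && sudo pfctl -e

ssh_port = "22"            # change if sshd listens on another port

# Loopback traffic is not filtered; local services depend on it.
set skip on lo0

# Default deny in both directions.
# "block drop" discards silently, so a remote client sees a timeout.
# "block return" answers with a TCP RST / ICMP unreachable, so the
# client sees "connection refused" immediately. Use one or the other.
block drop all
# block return all

# Inbound SSH to this machine (Remote Login must be enabled separately
# under System Preferences -> Sharing).
pass in  proto tcp from any to any port $ssh_port keep state

# Outbound SSH from this machine to other hosts.
pass out proto tcp from any to any port $ssh_port keep state

# Everything else stays blocked, including DNS and HTTP/HTTPS, so
# hostname lookups and software updates fail until these are enabled.
# pass out proto { tcp, udp } from any to any port 53 keep state
# pass out proto tcp from any to any port { 80, 443 } keep state
```

Test it from a local console session rather than over SSH, so a mistake in the rules cannot lock you out of the machine.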
 