Ssh server. How to block all internet traffic except ssh?

Discussion in 'OS X Mavericks (10.9)' started by Mikehuang, Mar 27, 2014.

  1. Mikehuang macrumors newbie

    Joined:
    Mar 27, 2014
    #1
    Hello all
    I'd like to know how i can block all incoming/outgoing traffic except ssh?
    Even the website access.... Outgoing/incoming. Except ssh

    Also how to enable ssh access will be appreciated.

    Thank you !
     
  2. hiddenmarkov macrumors 6502a

    Joined:
    Mar 12, 2014
    Location:
    Japan
    #2
    SSH access for *nix (which is what mac os at base....we can argue linux/unix/bsd later....when I run damn near all commands on basically the saem all we are starting to hit semantics really in my more open view of things) handled via editing a file. Quick google search found this.

    http://hints.macworld.com/article.php?story=20031006145736131


    this would be how I do it on other linux os'...so it looks right (have not fired up mbp to see if location good tbh). Mac os gui based I would imagine if you added user accounts with admin rights they get this automatically. Someone please correct if wrong., BUt you don't want every SSH user being admins regardless.

    Most *nix based OS's I know of have at least SSH on at client level out of the box.


    For SSH server configuration what are you looking at exactly? If you want port shutdown I am assuming a dedicated server. You'd have to pick os flavor for this server and read up on thier configs. the basic princibles are the same but file locations will vary.

    I'd also steer you away from only ssh port only communication. If you lock down all ports besides 22 (by default) life is getting real interesting real fast for you as services break. If you chose say cent os for a ssh server os and type sudo yum -y update it's going to spit out alot of cannot find repository messages. You need a few ports to open to get updates.
    research these based on OS you choose.
     
  3. SlCKB0Y macrumors 68040

    SlCKB0Y

    Joined:
    Feb 25, 2012
    Location:
    Sydney, Australia
    #3
    So the OP just needs to make sure there is no outbound filtering in place... then no problem.
     
  4. CarreraGuy macrumors regular

    CarreraGuy

    Joined:
    Jan 15, 2013
    #4
    System Preferences -> Sharing -> Remote Login (checked) for ssh/sftp.

    You can play with iptables (or whatever they call it now) and silently drop packets to other ports. But If you don't need stealth mode you can easily turn off web, filesharing, etc. but if someone tries to connect they will get a "connection refused" instead of timeouts to those ports.
     

Share This Page