LinuxQuestions.org
Old 07-18-2005, 04:04 PM   #1
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
Make sshd answer only on a certain hostname ?


I'm looking at securing sshd inbound access by hostname, so that I allocate a subdomain to my FQDN expressly to access functions like ssh and other admin pages served by Apache. In Apache that's a relatively easy thing to accomplish with the virtualhost directive. I can't, however, find any directive in sshd_config that will allow me to ListenHostName like you can ListenAddress.

I have a dynamic IP so ListenAddress won't work, and, in any event, it wouldn't work unless the subdomain were allocated a different IP than the master domain.

If my idea seems incoherent, what I want to do is obscure my admin utilities behind something like random-number.mydomain.com and have sshd ONLY listen on that subdomain but not www.mydomain.com. This is not the same thing as hosts.allow (AFAIK) because I want to alter the hostname sshd listens on, not the remote address sshd will accept connections from.

That way people portscanning my master domain (who don't do a domain zone transfer as well) won't even see that I have SSHd running, or any of the other remote services I want to keep private.

I know security through obscurity is not a very good route on its own, but if it's possible to do, it would be a nice extra hurdle.
 
Old 07-18-2005, 04:06 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
Unfortunately, this is impossible due to the SSH protocol. The SSH protocol does not send a hostname to the server. DNS is used solely to resolve the IP, then it establishes a connection based on that.
 
Old 07-18-2005, 04:16 PM   #3
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Original Poster
Rep: Reputation: 30
I had a feeling that would be the case; it's the same kind of situation you and I have discussed with iptables.

If only my office had a static IP.

Thanks Matir
 
Old 07-18-2005, 04:19 PM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118
No problem. For reference (for both you and anyone who finds this later) HTTP and HTTPS are the only protocols that I know of that send the requested hostname to the server.
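The point made in this thread, shown as an added example that is not part of any post above: a loopback listener records what it can observe when a client reaches it through two different names. The name-to-address table, the client banner, and the function names are constructed for illustration, and only plaintext HTTP is parsed.

```python
import socket
import threading

# Constructed stand-in for DNS: both names point at the same address,
# as the thread's www and random-number subdomains would on one host.
FAKE_DNS = {"www.mydomain.com": "127.0.0.1",
            "random-number.mydomain.com": "127.0.0.1"}

SSH_HELLO = b"SSH-2.0-ExampleClient_1.0\r\n"  # constructed client banner

def http_hello(name):
    return b"GET / HTTP/1.1\r\nHost: " + name.encode() + b"\r\n\r\n"

def hostname_seen_by_server(first_bytes):
    """Return the hostname the client put on the wire, or None."""
    lines = first_bytes.split(b"\r\n")
    if lines[0].startswith(b"SSH-"):
        return None  # identification string: protocol and software version only
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            return value.strip().decode("ascii")
    return None

def probe(name, payload):
    """Resolve name on the client side, send payload, return the server's view."""
    seen = {}
    srv = socket.create_server(("127.0.0.1", 0))  # ephemeral port
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            seen["local_ip"] = conn.getsockname()[0]
            data = b""
            while chunk := conn.recv(4096):  # read until the client closes
                data += chunk
            seen["host"] = hostname_seen_by_server(data)

    t = threading.Thread(target=serve)
    t.start()
    # The name is consumed here; only the IP address goes into connect().
    with socket.create_connection((FAKE_DNS[name], port)) as c:
        c.sendall(payload)
    t.join()
    srv.close()
    return seen

if __name__ == "__main__":
    for n in FAKE_DNS:
        print(n, "ssh ->", probe(n, SSH_HELLO), "http ->", probe(n, http_hello(n)))
```

Both SSH probes produce the same server-side view, which is why a listener can be restricted by address (ListenAddress) but not by the name the client typed.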
 
  


All times are GMT -5.