How to disable ssh from RED

How can I find out why the ssh connection from RED is working?

Whatever I try, the ssh connection from outside is always reachable if sshd is running!

Normally, the only way you could get ssh access into IPFire from RED would be to have a Firewall Rule permitting that. Otherwise the default setting is that any access from RED to the IPFire Firewall itself or any of the zones is blocked.

What do you have in your Firewall Rules section?

2 Likes

What about using the ListenAddress configuration option in /etc/ssh/sshd_config for only the interfaces you allow incoming ssh connections to?

Hi,

are you testing this from behind your IPFire installation?

Either way, this suspiciously reminds me of that topic:

In case there is a scenario where IPFire exposes its SSH port to RED by accident, we have got to nail it down and fix the underlying problem. Otherwise, it would be interesting to see the full configuration of your IPFire machine. Please post as much information as you can.

Thanks, and best regards,
Peter Müller

3 Likes

Hello Adolf Belka,

In the Firewall section there are about 220 rules but none for port 222 from RED or *.

Hello Data Morgana,

This would work, but I don't want to make too many extra configs.
And this shouldn't work out of the box.

Hello Peter Müller,

What do you mean by “behind your IPFire installation”?
I have tested from the Internet (RED interface). Sure.
==> That should not work!!

I think there is no special scenario.
What do you need to see the full configuration?

Thanks

Hi Helmut, my workaround would certainly also not be an appropriate solution in the light of a suspected security issue with the IPFire configuration, which is yet to be verified.

I would suggest you see what Steve Gibson’s ShieldsUp! says about port 222 on your firewall. That is assuming you’re using port 222, of course. I checked mine and it’s “stealth” which is apparently Gibson-speak for blocking unsolicited incoming traffic.

hxxps://www.grc.com/x/portprobe=222

1 Like

Hello Data Morgana,

OK, I will fix it this way for now.
But I want to know why this is working.

Hello krasnal.

  1. I can connect to the Firewall from anywhere in the Internet via ssh (port 222).
  2. A penetration test has found the port.
    => Why should I test it once more? I don't want the port to be reachable from the Internet!!

Hi,

this should not happen indeed.

Could you please post the output of the following commands (or DM them to me in case you do not want to make them public):

  • iptables -L -n -v -t nat
  • iptables -L -n -v -t raw
  • route
  • ifconfig
  • netstat -tulpen

Cc: @troll-op

Thanks, and best regards,
Peter Müller
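As an added illustration (not code from the thread or from the IPFire project): the `netstat -tulpen` output requested above is the quickest place to see whether sshd is bound to the wildcard address, which is what Data Morgana's `ListenAddress` suggestion would change. The checker below parses a constructed sample of that output; the addresses, ports and PIDs in it are made up.

```python
# Constructed sample of `netstat -tulpen` output (net-tools layout), not taken
# from the thread. sshd here listens on the wildcard address on port 222.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 0.0.0.0:222             0.0.0.0:*               LISTEN      0          12345      1234/sshd
tcp6       0      0 :::222                  :::*                    LISTEN      0          12346      1234/sshd
tcp        0      0 192.168.1.1:444         0.0.0.0:*               LISTEN      0          12347      2222/httpd
udp        0      0 0.0.0.0:67              0.0.0.0:*                           0          12348      3333/dhcpd
"""

# Binding to these means "every interface", RED included.
WILDCARDS = {"0.0.0.0", "::"}


def parse_listeners(text):
    """Return (proto, address, port, program) for each socket line in netstat -tulpen output."""
    listeners = []
    for line in text.splitlines():
        # Skip the two header lines; socket lines start with tcp/tcp6/udp/udp6.
        if not line.startswith(("tcp", "udp")):
            continue
        fields = line.split()
        proto, local = fields[0], fields[3]
        # Local address is "addr:port"; IPv6 wildcard prints as ":::222".
        addr, port = local.rsplit(":", 1)
        # Last column is "PID/Program name", or "-" when not visible.
        program = fields[-1].split("/", 1)[-1]
        listeners.append((proto, addr, int(port), program))
    return listeners


def exposed_listeners(text, program="sshd"):
    """Sockets of `program` bound to a wildcard address.

    A wildcard binding alone does not prove reachability from RED; the INPUT
    chain still decides that. It does show that sshd is not restricted to
    the internal interface, so a stray ACCEPT (e.g. in firewall.local) would
    expose it. Restricting ListenAddress to the GREEN IP empties this list.
    """
    return [l for l in parse_listeners(text)
            if l[3] == program and l[1] in WILDCARDS]


if __name__ == "__main__":
    for proto, addr, port, prog in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{prog} listens on all interfaces: {proto} {addr}:{port}")
```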

Unless a specific rule is written…

Hi,

well, according to OP, there is none - at least none written with that intention in mind.

This is why I am asking for raw information…

Thanks, and best regards,
Peter Müller

1 Like

@pmueller … promise it was not me this time… I’ve been good.
:innocent:

sxfire if you don’t have entries in the firewall rules section, did you by any chance create any manual entries in /etc/sysconfig/rc.local or /etc/sysconfig/firewall.local?

If you created any entries that accept, for example from a country region, it will permit all kinds of things not defined in any iptables for that region. WebGUI becomes accessible, SSH opens up, etc. You get the picture.

Wish you all a lekker evening