Iptables and Logins at boot-up
John J. Boyer
director at chpi.org
Sun Oct 10 15:12:42 UTC 2004
What's the latest version of Redhat, and how do I upgrade
wiping out my present accounts and data? Can I upgrade from Redhat 8.0
using BRLTTY, including kernel replacement?
I feel like I'm asking all the dumb questions, but maybe others will
benefit from the answers as well. It is certainly faster and less
frustrating to ask than to search through reams of documentation.
On Sun, 10 Oct 2004, Janina Sajka wrote:
> Andor Demarteau writes:
> > On Sat, 9 Oct 2004, John J. Boyer wrote:
> > > Thanks to all who helped with the ssh problem. There were two gotchas.
> > > Iptables was blocking all connections, and password authentication was
> > > turned off. Now I want to use the target machine to receive mail and for
> > > backup. When I boot the target machine, iptables is on and I have to log
> > > in as root to turn it off. How can I set iptables to be off at boot time?
> > > Or, better, to accept ssh and scp only from the source machine?
> > Well, if you can log in already as root, you probably can log in as any user.
> > Find the line in your rule-set that allows ssh-access (port 22).
> > Add to this line the -s or --source flag with the ip-address of the
> > source-box.
> > Providing the output chain allows all outgoing traffic, that's all.
> > Disabling iptables may not be a good idea security-wise.
> > > Two user accounts receive mail continuously. I would like to have them
> > > automatically logged on at boot time. Is this possible? How?
> John, you're reinventing the wheel here, and you're coming up with a
> square. That's not the proper means toward this end. You don't want
> those users always logged on. You actually want them to receive their
> mail without always entering a password.
> Look at the ssh man page and put together an appropriate
> .ssh/authorized_keys file. That will take care of that.
> The more correct resolution is:
> 1.) Upgrade as per my last message.
> 2.) Configure your machine to receive mail (on port 25)
> 3.) Configure TLS authentication
> 4.) Have your users use TLS to get and send mail.
> This way, they'll be able to access the mail server from anywhere--even
> half way around the world in a hotel room.
> What you're talking about is a quick work around that has implications
> you just haven't considered sufficiently. Some of those are being
> pointed out in other messages.
John J. Boyer; Executive Director, Chief Software Developer
Computers to Help People, Inc.
825 East Johnson; Madison, WI 53703
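
Added example, not part of the original message or of anyone's posted configuration: the quoted advice to put `-s`/`--source` on the port 22 rule, written as a small generator for a complete inbound rule set in `iptables-restore` format. The source address 192.0.2.10 is a constructed documentation address, and the function names are hypothetical.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset that accepts new SSH connections (tcp/22)
# from one source address only and drops all other unsolicited inbound traffic.
# Outbound traffic stays open, as the quoted advice assumes.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset for source address $1; non-zero exit on a bad address,
# so a typo never produces a ruleset that locks out the source machine.
ssh_only_ruleset() {
    src=$1
    if ! valid_ipv4 "$src"; then
        echo "invalid IPv4 source address: $src" >&2
        return 1
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $src --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample address (RFC 5737 documentation range).
ssh_only_ruleset 192.0.2.10
```

On Red Hat systems the iptables init script loads `/etc/sysconfig/iptables` at boot, so the reviewed output can be installed there as root and the service enabled with `chkconfig iptables on`. Receiving mail on port 25, as the reply suggests, would need its own ACCEPT rule.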