Iptables and Logins at boot-up

John J. Boyer director at chpi.org
Sun Oct 10 15:12:42 UTC 2004


What's the latest version of Redhat, and how do I upgrade 
wiping out my present accounts and data? Can I upgrade from Redhat 8.0 
using BRLTTY, including kernel replacement?

I feel like i'm asking all the dumb questions, but maybe others will 
benefit from the answers as well. It is certai`nly faster and less 
frustrating to ask than to search through reams of documentation.


On Sun, 10 Oct 2004, Janina Sajka wrote:

> Andor Demarteau writes:
> > On Sat, 9 Oct 2004, John J. Boyer wrote:
> > 
> >  > Thanks to all who helped with the ssh problem. There were two gotchas.
> >  > Iptables was blocking all connections, and password authentication was
> >  > turned off. Now I want to use the target machine to receive mail and for
> >  > backup. When I boot the target machine, iptables is on and I have to log
> >  > in as root to turn it off. How can I set iptables to be off at boot time?
> >  > Or, better, to accept ssh and scp only from the source machine?
> > well if you can login already as root, you probably can login as any user.
> > 
> > Find the line in your rule-set that allows ssh-access (port 22).
> > add to this line the -s or --source flag with the ip-address of the
> > souce-box.
> > providing the output-chaing allows all outgping traffic, that's all.
> > 
> > Disableing iptables may not be a good idea security-wise.
> > 
> > 
> >  > Two user accounts receive mail continuously. I would like to have them
> >  > automatically logged on at boot time. Is this possible? How?
> John, you're reinventing the wheel here, and your coming up with a
> square. That's not the proper means toward this end. You don't want
> those users always logged on. You actually want them to receive their
> mail without always entering a password.
> Look at the ssh man page and put together an appropriate
> .ssh/authorized_keys file. That will take care of that.
> The more correct resolution is:
> 1.)	Upgrade as per my last message.
> 2.)	Configure your machine to receive mail (on port 25)
> 3.)	Configure TLS authentication
> 4.)	Have your users use TLS to get and send mail.
> This way, they'll be able to access the mail server from anywhere--even
> half way around the world in a hotel room.
> What you're talking about is a quick work around that has implications
> you just haven't considered sufficiently. Some of those are being
> pointed out in other messages.
> _______________________________________________
> Blinux-list mailing list
> Blinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/blinux-list

John J. Boyer; Executive Director, Chief Software Developer
Computers to Help People, Inc.
825 East Johnson; Madison, WI 53703

More information about the Blinux-list mailing list