opening small hole in firewall

Király - 28 Feb 2007 06:21 GMT
I'd like to turn on SSH on my Mac so I can access it from work.  To keep
things as secure as possible I'd like to only permit access from one IP
address (my work computer) and block SSH access from all others.

This doesn't seem possible with the GUI firewall tools.  Is it possible to
do this on the command line, or do I have to buy third party firewall
software?

I have read the man page for ipfw and it's mostly Greek to me.

If it is indeed possible on the command line, two questions:

1) How do I undo it if I need to
2) Would opening the Firewall pref pane override any settings I had set
with the command line?

Thanks for any help.

Signature

K.

Lang may your lum reek.

Jolly Roger - 28 Feb 2007 06:43 GMT
> I'd like to turn on SSH on my Mac so I can access it from work.  To keep
> things as secure as possible I'd like to only permit access from one IP
[quoted text clipped - 11 lines]
> 2) Would opening the Firewall pref pane override any settings I had set
> with the command line?

This isn't a direct answer to your question, but you could always just
add this to your /etc/sshd_config file:

    AllowUsers you@your.domain.com

Keep in mind doing this restricts access to SSH even from computers on
your home LAN. So you'll want to add entries for that domain as well.

Signature

JR
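
The effect of that AllowUsers restriction, and of adding a LAN entry, as an added example that is not part of the posts above. It is a simplified Python model of how sshd matches USER@HOST patterns (only `*` and `?` wildcards plus a CIDR host part, no `!` negation); the user name, host names and addresses are constructed.

```python
import ipaddress
import re

def _glob(pattern, value):
    """sshd-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def _host_ok(pattern, hostname, address):
    """Match the HOST part against the client's name or address, or a CIDR block."""
    if "/" in pattern:
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(address) in net
        except ValueError:
            return False
    # Assumption: sshd has resolved the client's name (UseDNS yes);
    # without that, only the address is available to match against.
    return _glob(pattern.lower(), hostname.lower()) or _glob(pattern, address)

def allow_users_permits(allow_users, user, hostname, address):
    """True if any pattern in the AllowUsers value admits this login."""
    patterns = allow_users.split()
    if not patterns:
        return True  # an absent directive imposes no restriction
    for pat in patterns:
        user_pat, at, host_pat = pat.rpartition("@")
        if not at:
            if _glob(pat, user):
                return True
        elif _glob(user_pat, user) and _host_ok(host_pat, hostname, address):
            return True
    return False

# Constructed sample values (documentation address ranges, not real hosts).
WORK_ONLY = "kiraly@desk.work.example.com"
WITH_LAN = WORK_ONLY + " kiraly@192.168.1.0/24"
CLIENTS = {
    "work desk":  ("kiraly", "desk.work.example.com", "203.0.113.10"),
    "LAN laptop": ("kiraly", "laptop.local", "192.168.1.20"),
    "elsewhere":  ("kiraly", "host.example.net", "198.51.100.7"),
}

if __name__ == "__main__":
    for label, value in (("work only", WORK_ONLY), ("work + LAN", WITH_LAN)):
        for name, client in CLIENTS.items():
            verdict = "allow" if allow_users_permits(value, *client) else "deny"
            print(f"{label:11} {name:11} {verdict}")
```
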

Tom Stiller - 28 Feb 2007 12:54 GMT
> > I'd like to turn on SSH on my Mac so I can access it from work.  To keep
> > things as secure as possible I'd like to only permit access from one IP
[quoted text clipped - 19 lines]
> Keep in mind doing this restricts access to SSH even from computers on
> your home LAN. So you'll want to add entries for that domain as well.

You could also opt for a stronger form of SSH authentication (e.g.
public keys).  Doing so restricts access to those machines which have
exchanged keys (e.g. sneakernet or physical interconnect) prior to any
connection attempt.

Signature

Tom Stiller

PGP fingerprint =  5108 DDB2 9761 EDE5 E7E3
                  7BDA 71ED 6496 99C0 C7CF

 