Date: Wed, 5 Mar 2014 18:43:27 -0600 From: Scot Hetzel <swhetzel@gmail.com> To: freebsd-gnats-submit@freebsd.org Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>, Nicola Galante <galante@veritas.sao.arizona.edu> Subject: Re: misc/187307: Security vulnerability with FreeBSD Jail Message-ID: <CACdU%2Bf_HBn36o7abCyCvY04D1AA6O0FtVV9mZ__qm0_6XP4x=g@mail.gmail.com> In-Reply-To: <5317B597.5050900@delphij.net> References: <201403052307.s25N7NoD045308@cgiserv.freebsd.org> <5317B597.5050900@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 5, 2014 at 5:39 PM, Xin Li <delphij@delphij.net> wrote: > So the solution would be to change your configuration such that: > : > 2) Do not make host's sshd to listen on all addresses, instead, only > listen to the designated host IP address. This is not a security > measure but avoids confusion. > You will want to change the hosts sshd_config to only listen on the 10.0.0.100 address: ListenAddress 10.0.0.100 If the host needs to listen on multiple addresses, just add another ListenAddress. http://www.cyberciti.biz/tips/howto-openssh-sshd-listen-multiple-ip-address.html -- DISCLAIMER: No electrons were maimed while sending this message. Only slightly bruised.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACdU%2Bf_HBn36o7abCyCvY04D1AA6O0FtVV9mZ__qm0_6XP4x=g>