Chapter 20. SSH Protocol
Port forwarding can also be used to get information securely through network firewalls. If the
firewall is configured to allow SSH traffic via its standard port (22) but blocks access to other
ports, a connection between two hosts using the blocked ports is still possible by redirecting
their communication over an established SSH connection.
Note
Using port forwarding to forward connections in this manner allows any user on
the client system to connect to that service. If the client system becomes
compromised, the attacker also has access to forwarded services.
System administrators concerned about port forwarding can disable this
functionality on the server by specifying a No parameter for the
AllowTcpForwarding line in /etc/ssh/sshd_config and restarting the sshd
service.
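One way to check that setting, as an added example that is not part of the manual: the shell function below reports the effective AllowTcpForwarding value in an sshd_config-style file, using the sshd_config rules that the first value read for a keyword wins and that an absent keyword means yes. The function names and sample files are constructed for illustration, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the manual): report the effective
# AllowTcpForwarding value of an sshd_config-style file.

effective_tcp_forwarding() {
    # $1 = path to the configuration file to inspect
    awk '
        NF == 0 || $1 ~ /^#/ { next }           # skip blank lines and comments
        tolower($1) == "match" { exit }         # stop at conditional blocks (not evaluated here)
        tolower($1) == "allowtcpforwarding" {   # keywords are case-insensitive
            print tolower($2); found = 1; exit  # sshd keeps the first value it reads
        }
        END { if (!found) print "yes" }         # keyword absent: forwarding is on by default
    ' "$1"
}

forwarding_disabled() {
    # Succeeds only when the effective value is "no" (the manual writes it as No).
    [ "$(effective_tcp_forwarding "$1")" = "no" ]
}

# Constructed sample configurations (not taken from a real host).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
# Setting left commented out: the default (yes) applies.
printf '%s\n' 'Port 22' '#AllowTcpForwarding no' 'PermitRootLogin no' \
    > "$demo_dir/default.conf"
# Disabled, with a later duplicate line that sshd ignores.
printf '%s\n' 'Port 22' 'AllowTcpForwarding no' 'AllowTcpForwarding yes' \
    > "$demo_dir/hardened.conf"
# An earlier "yes" shadows the "no" an administrator appended later.
printf '%s\n' 'allowtcpforwarding yes' 'AllowTcpForwarding no' \
    > "$demo_dir/shadowed.conf"

for name in default hardened shadowed; do
    if forwarding_disabled "$demo_dir/$name.conf"; then
        echo "$name: TCP forwarding disabled"
    else
        echo "$name: TCP forwarding ENABLED"
    fi
done
```

On a real server, point the function at /etc/ssh/sshd_config; a change to that file takes effect only after the sshd service is restarted.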
6. Requiring SSH for Remote Connections
For SSH to be truly effective, using insecure connection protocols, such as Telnet and FTP,
should be prohibited. Otherwise, a user's password may be protected using SSH for one
session, only to be captured later while logging in using Telnet.
Some services to disable include:
• telnet
• rsh
• rlogin
• vsftpd
To disable insecure connection methods to the system, use the command line program
chkconfig, the ncurses-based program /usr/sbin/ntsysv, or the Services Configuration Tool
(system-config-services) graphical application. All of these tools require root level access.
For more information on runlevels and configuring services with chkconfig, /usr/sbin/ntsysv,
and the Services Configuration Tool, refer to the chapter titled Controlling Access to Services
in the Red Hat Enterprise Linux System Administration Guide.
7. Additional Resources
For more information about SSH, refer to the following resources.
7.1. Installed Documentation