Page MenuHomePhabricator
Create Task
Maniphest T944

Hardened sshd Setup
Closed, WontfixPublic
Actions

Description

https://unix.stackexchange.com/questions/14312/how-to-restrict-an-ssh-user-to-only-allow-ssh-tunneling

Whitelisting the sshd allowed addresses can work by adding a special internal IP that uses Tor's mapadddress to refer to some onion address generated for SSH access later on.

https://www.golinuxcloud.com/restrict-allow-ssh-certain-users-groups-rhel/

Details

Impact
Normal

Event Timeline

HulaHoop triaged this task as Normal priority.Dec 8 2019, 3:06 PM
HulaHoop created this task.
Herald added subscribers: entr0py, Patrick. · View Herald TranscriptDec 8 2019, 3:06 PM
Patrick closed this task as Wontfix.Dec 8 2022, 4:28 PM
Patrick claimed this task.

This is for whonix.org server security?

Due to the months ongoing DDoS on the Tor network, I don't think this would be reliable. Big risk of locking oneself out of the server. Therefore not implementing this and rejecting this ticket. Could be re-opened if these issues are one day resolved and onions being reliable and DDoS resistant.

references:

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer