mina-dev mailing list archives

From garima jain <jain.garim...@gmail.com>
Subject RE: Partial Disabling of port 22 using apache-mina SSHD
Date Tue, 21 Jun 2016 17:15:57 GMT
Hey,

What shell commands can be executed and how? Or how to provide tunnel?
Can you provide sample code for the same?

Any methods from sftp class?

-Garima Jain
On Jun 21, 2016 10:02 PM, "elijah baley" <e_baley@outlook.com> wrote:

> No, SFTP is not a protocol that runs on a specific port; it is a
> sub-protocol (actually a subsystem) of SSH. FYI, SSH enables opening
> multiple channels on the same session. You can run shell commands (what
> many mistakenly call SSH), SFTP and SCP as well as tunnels concurrently on
> the same SSH session. The port is always 22 (SSH) for SFTP and SCP (and any
> other channel - e.g. PROXY, SOCKS, etc.).
>
> > From: jain.garima88@gmail.com
> > Date: Tue, 21 Jun 2016 11:42:58 +0530
> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD
> > To: dev@mina.apache.org
> >
> > Can I keep the port open for sftp and close for ssh?
> >
> > -Garima Jain.
> >
> > On Mon, Jun 20, 2016 at 10:33 PM, garima jain <jain.garima88@gmail.com>
> > wrote:
> >
> > > Thanks. Will use that.
> > >
> > > -Garima Jain
> > > On Jun 20, 2016 10:31 PM, "Ashish" <paliwalashish@gmail.com> wrote:
> > >
> > >> On Mon, Jun 20, 2016 at 9:43 AM, garima jain <jain.garima88@gmail.com>
> > >> wrote:
> > >> > Can we use black list/whitelist feature?
> > >>
> > >> This is what you should use.
> > >>
> > >> >
> > >> > -Garima Jain
> > >> > On Jun 20, 2016 10:12 PM, "elijah baley" <e_baley@outlook.com> wrote:
> > >> >
> > >> >> There are many options - depending on the actual setup:
> > >> >> - You can move SSHD to a non-standard port on all interfaces - easy to
> > >> >> do when setting up the server - just call "setPort" on the SshServer
> > >> >> instance
> > >> >> - You can bind SSHD to a specific interface (e.g., 127.0.0.1) on port 22
> > >> >> and bind SFTP to the public interface on port 22 - easy to do, just call
> > >> >> "setAddress" (or something to that effect) on the SshServer instance
> > >> >> I could think of more exotic options - e.g. similar to sslh, using
> > >> >> HAPROXY, etc., etc.
> > >> >> > From: jain.garima88@gmail.com
> > >> >> > Date: Mon, 20 Jun 2016 12:10:26 +0530
> > >> >> > Subject: Re: Partial Disabling of port 22 using apache-mina SSHD
> > >> >> > To: dev@mina.apache.org
> > >> >> >
> > >> >> > Hi elijah,
> > >> >> >
> > >> >> > The requirement is to block port 22 for SSH and accept SFTP connections
> > >> >> > on Port 22. Is there a class/method that can help us achieve the aim?
> > >> >> >
> > >> >> > -Garima Jain.
> > >> >> >
> > >> >> > On Fri, Jun 17, 2016 at 3:27 PM, elijah baley <e_baley@outlook.com> wrote:
> > >> >> >
> > >> >> > > Is there some reason your code cannot examine the incoming client
> > >> >> > > address and reject it if it does not match some specified criteria
> > >> >> > > (e.g., mask, network, closed group of IPs - whatever...)?
> > >> >> > >
> > >> >> > > > From: jain.garima88@gmail.com
> > >> >> > > > Date: Fri, 17 Jun 2016 14:50:51 +0530
> > >> >> > > > Subject: Partial Disabling of port 22 using apache-mina SSHD
> > >> >> > > > To: dev@mina.apache.org
> > >> >> > > >
> > >> >> > > > Hi,
> > >> >> > > >
> > >> >> > > >
> > >> >> > > >
> > >> >> > > > We are using com.springsource.org.apache.mina-1.0.2.jar in our product.
> > >> >> > > > The requirement is to disable port 22 for all incoming traffic over SSH
> > >> >> > > > but the same port is required to communicate with few IP’s over 22. Is
> > >> >> > > > there a way to handle selective port blocking?
> > >> >> > > >
> > >> >> > > >
> > >> >> > > > -Garima Jain.
> > >> >> > >
> > >> >> > >
> > >> >>
> > >>
> > >>
> > >>
> > >> --
> > >> thanks
> > >> ashish
> > >>
> > >> Blog: http://www.ashishpaliwal.com/blog
> > >> My Photo Galleries: http://www.pbase.com/ashishpaliwal
> > >>
> > >
>
