undefined | Better HN

0 pointsthrowaway20484y ago0 comments

you cant block the actual port bind, but you can block any packets from reaching it, so the difference is mostly semantics

0 comments

3 comments · 1 top-level

usr11064y ago· 2 in thread

Yes, but that port needs to remain "open" for the legitimate sshd traffic. Can you see a difference in ownership as the firewall sees it between sshd and some user daemon? Sshd drops root partially when login succeeds.

throwaway2048OP4y ago

that has nothing to do with sshd's listening socket, which remains owned by root

usr11064y ago

Sure the listening one remains owned by root. But the connected one? If you limit packets from/to e.g. 2222 to uid 0, will legitimate ssh traffic work? I don't say it won't, genuinely unsure. Haven't tried and today is a holiday. Maybe tomorrow :)

j / k navigate · click thread line to collapse