Document the firewall rules that disallow remote SSH connections? #5

Closed
a3nm opened this Issue Oct 29, 2017 · 3 comments

a3nm commented Oct 29, 2017

Hi,

I was trying to log into my Raspberry Pi remotely via SSH and it didn't work, and it took me some time to realize that what prevented it were some iptables rules:

```
> sudo iptables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  127.0.0.0/8          anywhere             /* RFC3330 loopback */
ACCEPT     all  --  10.0.0.0/8           anywhere             /* RFC1918 reserved */
ACCEPT     all  --  172.16.0.0/12        anywhere             /* RFC1918 reserved */
ACCEPT     all  --  192.168.0.0/16       anywhere             /* RFC1918 reserved */
ACCEPT     all  --  169.254.0.0/16       anywhere             /* RFC3927 link-local */
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* SSH */ reject-with icmp-port-unreachable
```

```
> sudo ip6tables -L INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all      localhost            anywhere             /* RFC3513 loopback */
ACCEPT     all      fc00::/7             anywhere             /* RFC4193 reserved */
ACCEPT     all      fe80::/10            anywhere             /* RFC4291 link-local */
REJECT     tcp      anywhere             anywhere             tcp dpt:ssh /* SSH */ reject-with icmp6-port-unreachable
```

I agree it makes a lot of sense to have these rules, because the initial password is easy to guess. However don't you think it would be a good idea to advertise the existence of these rules to the user, in README.md or in the motd?
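
The order of the rules in the IPv4 listing decides the outcome: loopback, private and link-local sources match an ACCEPT before the SSH REJECT is reached, and everything else is rejected on the SSH port only. As an added example (not part of the original post and not the project's code), this Python script evaluates that listing first-match-wins for a given source address. The function names and the sample source addresses are assumptions made here, and the parser only understands the plain `iptables -L` column layout quoted above.

```python
import ipaddress

# Constructed input: the IPv4 listing quoted in the issue above.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  127.0.0.0/8          anywhere             /* RFC3330 loopback */
ACCEPT     all  --  10.0.0.0/8           anywhere             /* RFC1918 reserved */
ACCEPT     all  --  172.16.0.0/12        anywhere             /* RFC1918 reserved */
ACCEPT     all  --  192.168.0.0/16       anywhere             /* RFC1918 reserved */
ACCEPT     all  --  169.254.0.0/16       anywhere             /* RFC3927 link-local */
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* SSH */ reject-with icmp-port-unreachable
"""

def parse_listing(text):
    """Return (policy, rules); each rule is (target, proto, source_net, dport)."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Chain"):
            policy = line.split("policy ")[1].rstrip(")")
        elif len(fields) >= 5 and fields[0] in ("ACCEPT", "REJECT", "DROP"):
            source = "0.0.0.0/0" if fields[3] == "anywhere" else fields[3]
            dport = next((f[4:] for f in fields if f.startswith("dpt:")), None)
            rules.append((fields[0], fields[1], ipaddress.ip_network(source), dport))
    return policy, rules

def verdict(src, dport="ssh", proto="tcp", listing=LISTING):
    """First matching rule wins; if none matches, the chain policy applies."""
    policy, rules = parse_listing(listing)
    addr = ipaddress.ip_address(src)
    for target, rule_proto, net, rule_dport in rules:
        if rule_proto in ("all", proto) and addr in net \
                and rule_dport in (None, dport):
            return target
    return policy

if __name__ == "__main__":
    # Constructed sources: LAN, documentation range, CGNAT, just past 172.16/12.
    for src in ("192.168.1.20", "203.0.113.7", "100.64.0.5", "172.32.0.1"):
        print(f"{src:15} ssh  -> {verdict(src)}")
    print(f"{'203.0.113.7':15} http -> {verdict('203.0.113.7', dport='http')}")
```

Sources outside the listed ranges, including carrier-grade NAT space (100.64.0.0/10), fall through to the SSH REJECT, while other ports are untouched because the chain policy is ACCEPT.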

stapelberg Oct 29, 2017

Contributor

Sure. I’m not sure about the best place for documentation about the image, especially once we publish it as an official Debian-supported image. That shouldn’t block us for now, so feel free to send a PR adding documentation where you see fit.


a3nm Nov 12, 2017

Contributor

Sure. I just did this, sorry about the delay. Please have a look, and let me know if you'd like me to change anything. :)


stapelberg Jan 4, 2018

Contributor

This has been merged. Closing.


@stapelberg stapelberg closed this Jan 4, 2018
