[SailfishDevel] SSH listen address

E.S. Rosenberg es.rosenberg+sailfishos.org at gmail.com
Sun Apr 19 16:50:24 UTC 2015


Hi all,
On my phone SSH listens on all interfaces; I am not 100% sure whether the
default Jolla setup also runs like this, since I have NielDKs' openssh
packages installed.

Either way this brings up the interesting question of how to limit SSH to
listen only on local interfaces (USB, bluetooth and WiFi - where the last
one may be network dependent).

My first instinct was to change the ListenAddress; the problems with that
are (off the top of my head):
- One would need to list all the possible 192.168.0.0/16 addresses the
phone can take for the different connection types.
- There is no way to guarantee that a cellular operator won't decide for
some weird reason to use 192.168.0.0/16 instead of 10.0.0.0/8.
- A WiFi you connect to could have 10.0.0.0/8, 192.168.0.0/16 or even
172.16.0.0/12 and there is no telling ahead of time which address the phone
will have.

So this leaves an, I think, interesting question: how do we on the one hand
allow SSH access while on the other hand preventing access from GSM/3G/4G?

The obvious solution seems to be an iptables/nftables rule linked to the
interface of cellular internet which prevents access; iptables -L shows me
the phone's table is currently completely empty, which may not be the best
of ideas....

Suggestions?

Regards,
Eli
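
An added example, not part of the original message: the interface-based filtering the post proposes, written as an allowlist so that the cellular interface never has to be named. The chain name SSH_IFACE, port 22 and the interface names usb0, wlan0 and bnep0 are assumptions; check the real names with `ip link` on the device.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset that accepts inbound SSH
# only on an allowlist of interfaces and drops it on every other interface.
# Assumed values: chain name SSH_IFACE, port 22, interface names in the
# usage line at the bottom.

SSH_PORT=22

# Accept only plausible interface names: letters, digits, '.', '_', '-',
# plus an optional trailing '+' (iptables' "name starts with" wildcard).
# A bare '+' would match every interface, so it is refused.
valid_iface() {
    case "$1" in
        ''|+|*[!A-Za-z0-9._+-]*|*+?*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit: IFNAMSIZ - 1
}

gen_ssh_rules() {
    for ifc in "$@"; do
        valid_iface "$ifc" || { echo "bad interface name: $ifc" >&2; return 1; }
    done
    echo '*filter'
    echo ':SSH_IFACE - [0:0]'
    # Every inbound packet for the SSH port goes through the dedicated chain.
    echo "-A INPUT -p tcp --dport $SSH_PORT -j SSH_IFACE"
    echo '-A SSH_IFACE -i lo -j ACCEPT'
    for ifc in "$@"; do
        echo "-A SSH_IFACE -i $ifc -j ACCEPT"
    done
    # Whatever is left (the cellular interface included) is dropped.
    echo '-A SSH_IFACE -j DROP'
    echo 'COMMIT'
}

# Usage, as root, once per boot (re-running appends a second INPUT jump):
#   gen_ssh_rules usb0 wlan0 bnep0 | iptables-restore --noflush
```

The rules match on interface only and contain no addresses, so the same output can be fed to ip6tables-restore to cover IPv6 as well. Accepting on wlan0 trusts every WiFi network the phone joins, which is the network-dependent case the post mentions.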