1

I'm running a Linux Mint VM with VirtualBox and also use WinSCP. I've set up a firewall rule named SSH that has 22/tcp allow in anywhere and 22/tcp(v6) in anywhere. This works but I'm a little confused. Is there a way to restrict access so only WinSCP has access?

DCR
  • 135

1 Answer

0

What you request is possible by means of deep packet inspection, but not advisable: if you have configured SSH properly (cf. this answer), an attacker will be unable to establish an SSH session anyway.

On the other hand, it is pretty easy for an attacker to impersonate different clients, and therefore restricting access to a certain SSH client will not prevent a willing attacker from discovering your running SSH server. In contrast, the attacker will learn which client (WinSCP) and OS (Windows) you are using and then leverage this knowledge to refine his attack.

If you want to hide the SSH server - not for security (security by obscurity is futile) but for convenience (smaller log files, fewer alarms) reasons - I propose you set up port knocking.

But again - this is not a security measure! An attacker who is capable of breaking into a properly configured SSH server will neither be stopped by a firewall configured to allow only a certain SSH client nor by port knocking.

dirdi
  • 3,317
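Added example, not part of the answer above: a sketch of what a deep-packet-inspection rule for "only WinSCP" would actually have to match on, namely the cleartext SSH identification line from RFC 4253 section 4.2, which the connecting peer writes itself. The rule function `dpi_rule_allows` is hypothetical and the sample banner lines are constructed.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF",
# at most 255 bytes including CR LF, sent in cleartext before key exchange.
IDENT_RE = re.compile(
    rb"^SSH-(?P<proto>[^\s-]+)-(?P<software>[^\s-]+)"
    rb"(?: (?P<comments>[^\r\n]*))?\r?\n$"
)

def parse_ident(line: bytes):
    """Return (proto, software, comments), or None if not an identification line."""
    if len(line) > 255:
        return None
    m = IDENT_RE.match(line)
    if m is None:
        return None
    comments = m.group("comments")
    return (
        m.group("proto").decode("ascii", "replace"),
        m.group("software").decode("ascii", "replace"),
        None if comments is None else comments.decode("ascii", "replace"),
    )

def dpi_rule_allows(first_line: bytes, wanted: str = "WinSCP") -> bool:
    """Hypothetical DPI rule: accept only if the declared software starts with `wanted`.

    The decision is a pure function of bytes the peer chose to send; the rule
    has no other evidence of which program is on the other end.
    """
    ident = parse_ident(first_line)
    return ident is not None and ident[1].startswith(wanted)

# Constructed first lines of three inbound TCP connections to port 22.
SAMPLES = [
    b"SSH-2.0-WinSCP_release_5.21.5\r\n",
    b"SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13\r\n",
    b"GET / HTTP/1.1\r\n",
]

def decisions(samples=SAMPLES):
    """Return (declared software or None, rule verdict) for each sample."""
    out = []
    for line in samples:
        ident = parse_ident(line)
        out.append((ident[1] if ident else None, dpi_rule_allows(line)))
    return out

if __name__ == "__main__":
    for software, allowed in decisions():
        print(f"{software!s:28} -> {'ALLOW' if allowed else 'DROP'}")
```

Because the verdict depends only on that self-declared string, the filter identifies what a peer claims to be, not what it is; authentication still rests entirely on the sshd configuration.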