16.10. SSH

Mac OS X Leopard Server ships with the SSH service automatically enabled. By default, this service accepts connections on port 22 from any authenticated user known to the server. This has many security implications, such as the ability of standard accounts to run services on ports 1024 and higher. As a result, any user of your server can, by default, start a proxy or traffic redirector (such as the Internet relay chat client Bouncer) without admin authorization.

Firewall safeguards should prevent remote access to those services, but even in a full firewall lockdown, if port 22 is open, there are still many vectors that an attacker with user credentials could use to cause mischief and mayhem, so disable ssh unless ...
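One way to check a server for the default-open condition described above, as an added example that is not code from the book: the script reads an OpenSSH `sshd_config` and reports when no `AllowUsers` or `AllowGroups` directive limits who may log in, and when TCP forwarding is left on. It assumes whitespace-separated `Keyword value` lines, looks only at the global section (it stops at the first `Match` block), and the sample config it writes is constructed.

```shell
#!/bin/sh
# Added example (not from the book): flag an sshd_config whose global section
# leaves SSH login open to every account known to the server.
# Simplifications: "Keyword value" lines only; Match blocks are not evaluated.

# Print the first global value of a keyword. sshd keeps the first value it
# reads for a keyword, and keywords are case-insensitive.
sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # end of the global section
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Print findings for the config file in $1; return 1 if any were found.
audit_sshd() {
    cfg=$1; rc=0
    if [ -z "$(sshd_value "$cfg" AllowUsers)" ] &&
       [ -z "$(sshd_value "$cfg" AllowGroups)" ]; then
        echo "OPEN-LOGIN: no AllowUsers/AllowGroups, any authenticated account may connect"
        rc=1
    fi
    fwd=$(sshd_value "$cfg" AllowTcpForwarding | tr 'A-Z' 'a-z')
    if [ -z "$fwd" ] || [ "$fwd" = "yes" ]; then   # OpenSSH default is yes
        echo "FORWARDING: AllowTcpForwarding is on for every account that can log in"
        rc=1
    fi
    port=$(sshd_value "$cfg" Port)
    echo "INFO: sshd port ${port:-22}"              # 22 when not set
    return $rc
}

# Constructed sample: a default-style config with the relevant lines commented out.
sample=$(mktemp)
printf '%s\n' '#Port 22' '#AllowTcpForwarding yes' 'Protocol 2' > "$sample"
audit_sshd "$sample" || true
rm -f "$sample"
```

Call `audit_sshd` with the path to the server's own `sshd_config`; a clean result prints only the `INFO` line.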
