Forum

Results 1 to 8 of 8
  1. #1
    Join Date
    October 2016
    Posts
    52

    Secure Server Query

    Hello,

    I create my new TS 3 server with security in mind.

    So I just wonder how to secure Server Query, because as we all know, server query is based on telnet, so communication is "plain text" visible to anyone, so anyone can sniff your network communication and get your server admin password, because it is not encryped.

    So I wonder if there is any way to secure Server Query interace. As far as I know I can block server query port using firewall and set exception only for my IP or IP of my VPN, but it is still not secured.

    And as we all know there is many server lists, which require server query port to be opened.

  2. #2
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    Please don't spam the forums with duplicated topics.

  3. #3
    Join Date
    September 2017
    Posts
    47
    Hello, install the server version 3.3.0 of teamspeak, which supports the ssh for the query interface.

    and to start do ./ts3server_startscript.sh start query_protocols=ssh

  4. #4
    Join Date
    October 2016
    Posts
    52
    Quote Originally Posted by ANR Daemon View Post
    Please don't spam the forums with duplicated topics.
    Ah sorry I thought I deleted it.

    So your advice is:

    Quote Originally Posted by ANR Daemon View Post
    ts3.ini:
    query_ip=127.0.0.1
    query_port=10011

    query_ip_whitelist.txt:
    127.0.0.0/8

    And use SSH tunneling to connect to it from outside.
    So I will block port 10011 in firewall (except loopback) and then I can somehow connect to the query port using SSH tunneling? Can you send me any tutorial how? So then I have to create user on my server for SSH connecting?

  5. #5
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    There's multiple ways to do it.

    ssh -L option (also putty), like
    Code:
    ssh -L 10011:localhost:10011 [email protected]
    , then connect to localhost:10011 on the local machine (useful for tools like YaTQA).

    Run telnet on the server within SSH connection, like
    Code:
    ssh [email protected] telnet localhost 10011
    , which is useful for a quick-and-dirty console access.

    SSH query variant added in recent version only adds connection protection, but does not control access itself.
    This is not a suggestion against using query-ssh, this is a point of consideration.

    It is not necessary to firewall 10011 explicitly, as binding to localhost prevents connections from outside in any sanely configured network stack. 127/8 network is explicitly unroutable.

  6. #6
    Join Date
    October 2016
    Posts
    52
    Thank you this looks great, so then I have to create some user on system for SSH access.

    But I think this SSH tunneling won't work with TS3 server list out there, right? Because they use Server Query for checking users on the server, status of server, etc..

  7. #7
    Join Date
    December 2004
    Location
    RF
    Posts
    3,006
    You can let the teamspeak user SSH
    You can explicitly enforce telnet as a shell for connecting users. See authorized_keys magic tutorials on the web.

    I'm hoping for a better query-ssh features in the future.
    Key pair or certificate authorization, that would let only chosen users connect in the first place.
    That would make weblist client easier to accommodate without compromising the security of the system.

  8. #8
    Join Date
    June 2011
    Location
    Germany
    Posts
    4,350
    As a hint, anonymous users cannot use TeamSpeak's SSH.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. How to secure my TS server
    By Thecazz in forum Permission System
    Replies: 0
    Last Post: April 7th, 2017, 06:52 PM
  2. How to secure my server
    By Djdomrep in forum Windows
    Replies: 0
    Last Post: December 9th, 2011, 04:47 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •