December 30th, 2006, 05:40 AM
ssh and ip addresses
If I want to run an ssh server, and want to limit the addresses
who can access the server, where is this configured? Is it in
the hosts.allow and hosts.deny files? This is on a
slackware linux box.
I came in to the world with nothing. I still have most of it.
December 30th, 2006, 07:10 AM
When death sleeps it dreams of you...
December 31st, 2006, 01:26 AM
Yes, you simply configure tcp wrappers via the hosts.allow and hosts.deny files. The syntax is very simple.
The typical setup is to deny access to everyone listed in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.)
sshdfwd-X11 : ALL
And then allow access only to trusted clients in the /etc/hosts.allow:
sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
Based on the /etc/hosts.allow file above, users coming from any host in the ssh.com domain or from the host foo.bar.fi are allowed to access services.
Note that wrappers work for not just ssh, but any tcp service that is running and accepting connections. So be sure that you understand the syntax in that it's daemon : host. This means that if you do something like ALL : ALL it means all tcp services are impacted (well, all local INET services defined by tcpd), not just ssh.
Last edited by thehorse13; December 31st, 2006 at 01:34 AM.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden