Results 1 to 3 of 3
  1. #1
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001

    ssh and ip addresses

    If I want to run an ssh server, and want to limit the addresses
    who can access the server, where is this configured? Is it in
    the hosts.allow and hosts.deny files? This is on a
    slackware linux box.
    I came in to the world with nothing. I still have most of it.

  2. #2
    Join Date
    Nov 2003
    San Diego
    When death sleeps it dreams of you...

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    Yes, you simply configure tcp wrappers via the hosts.allow and hosts.deny files. The syntax is very simple.

    The typical setup is to deny access to everyone listed in the /etc/hosts.deny file. (This example shows both ssh1 and ssh2.)
    sshd1: ALL
    sshd2: ALL
    sshdfwd-X11 : ALL

    or simply
    ALL: ALL

    And then allow access only to trusted clients in the /etc/hosts.allow:
    sshd1 : trusted_client_IP_or_hostname
    sshd2 : .ssh.com foo.bar.fi
    sshdfwd-X11 : .ssh.com foo.bar.fi

    Based on the /etc/hosts.allow file above, users coming from any host in the ssh.com domain or from the host foo.bar.fi are allowed to access services.

    Note that wrappers work for not just ssh, but any tcp service that is running and accepting connections. So be sure that you understand the syntax in that it's daemon : host. This means that if you do something like ALL : ALL it means all tcp services are impacted (well, all local INET services defined by tcpd), not just ssh.
    Last edited by thehorse13; December 31st, 2006 at 01:34 AM.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts