-
May 31st, 2004, 06:50 PM
#1
Member
sshd
I have been trying to restrict the access to my sshd using the following method:
I set the hosts.deny to
ALL:ALL
and the hosts.allow for
ALL: 10.0.0.1
where 10.0.0.1 is the IP I want to allow, but it won't allow 10.0.0.1.
I may also configure this in my firewall settings but I want to know what is wrong.
Thanks
You are what you have conquered not what you have!
-
May 31st, 2004, 07:43 PM
#2
Look at the first entry you made....
Real security doesn't come with an installer.
-
May 31st, 2004, 08:06 PM
#3
-
May 31st, 2004, 08:53 PM
#4
I thought that hosts.deny is no longer in use.
try this:
empty hosts.deny
insert on hosts.allow
ALL:10.0.0.1:ALLOW
ALL:ALL:DENY
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
May 31st, 2004, 09:37 PM
#5
Hmmm. I'll have to look into that...
Question, is there possibly a router that is refusing the connection?
Real security doesn't come with an installer.
-
May 31st, 2004, 10:14 PM
#6
I might be asking the obvious but are you behind a firewall? And wouldn't your concurrent first entry eliminate the chance of allowing a connection for the second one?
-
June 1st, 2004, 10:57 AM
#7
I doubt I can help but more info may help others help you.
What OS are we talking about here? What OS is the ssh daemon running on?
What version of ssh ?
Is the service controlled by TCP Wrappers ( thus utilizing the hosts.allow then hosts.deny files, which is the order they will be looked at ) or is it controlled by Xinetd ?
What type of authentication protocol are you using? [ version 1 or version 2 ]
How did you set it up ?
Did it work before you attempted to include the hosts* files ?
Check the hosts.allow file. You are using a specific address here. Try adding the subnet mask, as in 'net/mask'
OR
end it with a period, as in "10.0.0.1." to match the address exactly. ( If I remember correctly with a period at the end it will be recognized as a string and match it, thus a string of " 10.0. " would match every address of 10.0.x.x )
damn, I wish I had more time to help, ... and more knowledge!
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
June 1st, 2004, 12:03 PM
#8
Member
I think what cacosapo said will work, I will try when I get home.
I am behind a firewall but I opened (allowed) the sshd port.
and it works fine when I don't try to block all domains but the one that I want to allow.
I will give some feedback when I give it a try.
You are what you have conquered not what you have!
-
June 2nd, 2004, 06:47 PM
#9
Member
I have tried:
ALL: 80.
ALL:ALL ENY
my IP starts with 80.
so ALL: 80. would allow the class A
if I do
hosts.deny
ALL:ALL
and hosts.allow
ALL:ALL
it will accept any connection meaning that the hosts.allow is read last.
I have also tried
ALL: localhost
ALL: .localhost
ALL: 127.0.0.1
and I tried to connect to my machine but it didn't accept.
It must be a syntax error
if anyone is interested, someone sent me the man page
http://www.rt.com/man/hosts_access.5.html
I will have a look there to see if I can find what is wrong.
I will get this **** working today!
You are what you have conquered not what you have!
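The matching rules argued about in posts #1, #4, #7 and #9 can be checked offline. The following Python emulation of the hosts_access(5) decision is an added example, not code from any poster or from tcp_wrappers itself. It models the documented order (hosts.allow is consulted first, then hosts.deny, and a client that matches neither file is granted), the single-file ALLOW/DENY options from post #4 (which need a libwrap built with hosts_options(5) support, as most Linux distributions ship), and the trailing-dot, leading-dot, net/mask, LOCAL and EXCEPT client patterns from post #7. It handles IPv4 only, so patterns containing ':' are not supported; all function names are mine.

```python
import ipaddress
import re


def _match_pattern(pattern, client_ip, client_host):
    """True if one hosts_access(5) client pattern matches the connecting client."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # any host name that contains no dot
        return client_host is not None and "." not in client_host
    if pattern.startswith("."):            # ".example.com": host name suffix
        return client_host is not None and client_host.lower().endswith(pattern.lower())
    if pattern.endswith("."):              # "10.0.": address prefix; "80." is every 80.x.x.x
        return client_ip.startswith(pattern)
    if "/" in pattern:                     # "net/mask", e.g. 10.0.0.0/255.255.255.0 or CIDR
        try:
            return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:                 # malformed pattern or address: no match
            return False
    # Otherwise an exact address or an exact host name.
    return pattern == client_ip or (client_host is not None and pattern.lower() == client_host.lower())


def _match_list(field, client_ip, client_host):
    """Client list: comma/blank separated patterns, optionally 'list EXCEPT list'."""
    parts = re.split(r"\s+EXCEPT\s+", field.strip(), maxsplit=1)
    tokens = [t for t in re.split(r"[,\s]+", parts[0]) if t]
    matched = any(_match_pattern(t, client_ip, client_host) for t in tokens)
    if matched and len(parts) == 2:
        return not _match_list(parts[1], client_ip, client_host)
    return matched


def _evaluate_line(line, daemon, client_ip, client_host):
    """Parse one 'daemon_list : client_list [: options]' line.

    Returns None when the line does not apply to this connection, otherwise
    "ALLOW", "DENY" or "MATCH" (matched, but no allow/deny option given)."""
    line = line.split("#", 1)[0].strip()   # drop comments and blank lines
    if not line:
        return None
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:
        return None
    daemons = [d for d in re.split(r"[,\s]+", fields[0]) if d]
    if not any(d in ("ALL", daemon) for d in daemons):
        return None
    if not _match_list(fields[1], client_ip, client_host):
        return None
    options = {tok.upper() for f in fields[2:] for tok in f.split()}
    if "DENY" in options:
        return "DENY"
    if "ALLOW" in options:
        return "ALLOW"
    return "MATCH"


def hosts_access(daemon, client_ip, hosts_allow, hosts_deny=(), client_host=None):
    """Emulate the libwrap decision for one connection.

    hosts.allow is read first: the first matching line decides, granting access
    unless its option is DENY.  Only when nothing in hosts.allow matches is
    hosts.deny read: the first matching line refuses unless its option is ALLOW.
    A client matched by neither file is granted."""
    for line in hosts_allow:
        verdict = _evaluate_line(line, daemon, client_ip, client_host)
        if verdict is not None:
            return verdict != "DENY"
    for line in hosts_deny:
        verdict = _evaluate_line(line, daemon, client_ip, client_host)
        if verdict is not None:
            return verdict == "ALLOW"
    return True


if __name__ == "__main__":
    # The thread's two-file form: deny everything, then allow one address.
    allow, deny = ["ALL: 10.0.0.1"], ["ALL: ALL"]
    print(hosts_access("sshd", "10.0.0.1", allow, deny))             # True
    print(hosts_access("sshd", "10.0.0.2", allow, deny))             # False
    # The single-file form with ALLOW/DENY options from post #4.
    single = ["ALL: 10.0.0.1 : ALLOW", "ALL: ALL : DENY"]
    print(hosts_access("sshd", "10.0.0.2", single))                  # False
    # A trailing dot makes the pattern an address prefix: all of 80.x.x.x.
    print(hosts_access("sshd", "80.12.34.56", ["ALL: 80."], deny))   # True
```

Fed the original two files from post #1, the emulation grants 10.0.0.1 and refuses every other address, which is exactly what the poster wanted; the syntax was never the problem. It also shows why the experiment in post #9 with ALL:ALL in both files accepts everyone: hosts.allow is read first and its match ends the evaluation before hosts.deny is ever consulted.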
-
June 2nd, 2004, 06:59 PM
#10
Member
OK I found the problem.
I did what I should have done a long time ago.
I looked at the log file
and I got
Jun 2 00:22:10 www sshd[1781]: refused connect from 0.0.0.0
Jun 2 00:23:27 www sshd[1802]: refused connect from 0.0.0.0
Jun 2 00:30:03 www sshd[1864]: refused connect from 0.0.0.0
Jun 2 00:30:34 www sshd[1867]: refused connect from 0.0.0.0
Jun 2 00:31:11 www sshd[1870]: refused connect from 0.0.0.0
Jun 2 00:32:11 www sshd[1874]: refused connect from 0.0.0.0
Jun 2 00:34:45 www sshd[2683]: refused connect from 0.0.0.0
-------------------------------------------------------------
Jun 2 00:36:10 www sshd[2689]: refused connect from 0.0.0.0
Jun 2 00:36:33 www sshd[2693]: refused connect from 0.0.0.0
most of the time I was trying to connect from my own PC, as the firewall is set to minimize DoS attacks it would not
do any kind of lookup, so I tried from an outside host and I got the same.
So I will look at my firewall now.
You are what you have conquered not what you have!
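Post #10 shows the check that settles the question: the log. As an added example that is not part of the thread, here is a small Python parser for libwrap's "refused connect from" lines that counts refusals per logged source, flags sources that are not real client addresses, and finds bursts of refusals inside a time window. The log text is a constructed sample shaped like the lines quoted above; the 10.0.0.7 entry and the "Accepted publickey" line are invented for contrast, and "unknown" is listed alongside 0.0.0.0 because it is the string libwrap logs when it cannot determine a client. Function names and thresholds are mine.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the lines quoted in post #10
# (syslog timestamp, host, program[pid], message).
SAMPLE_LOG = """\
Jun  2 00:22:10 www sshd[1781]: refused connect from 0.0.0.0
Jun  2 00:23:27 www sshd[1802]: refused connect from 0.0.0.0
Jun  2 00:30:03 www sshd[1864]: refused connect from 0.0.0.0
Jun  2 00:31:40 www sshd[1866]: refused connect from 10.0.0.7
Jun  2 00:32:11 www sshd[1874]: refused connect from 0.0.0.0
Jun  2 00:35:02 www sshd[2685]: Accepted publickey for alice from 10.0.0.1 port 51234 ssh2
Jun  2 00:36:10 www sshd[2689]: refused connect from 0.0.0.0
"""

REFUSED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: refused connect from (?P<src>\S+)\s*$"
)

# Values that are not a usable client address: 0.0.0.0 is not a routable peer,
# and "unknown" is what libwrap logs when it cannot resolve the client.  A
# refusal from either says nothing about who connected, so no hosts.allow entry
# can fix it; the device in front of sshd is where to look next.
UNRESOLVED = {"0.0.0.0", "unknown"}


def parse_refusals(text):
    """Return one dict per 'refused connect from' line; other lines are ignored."""
    refusals = []
    for line in text.splitlines():
        m = REFUSED_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime fills in 1900, which is
        # fine for comparing times within a single log file.
        refusals.append({
            "ts": datetime.strptime(m.group("ts"), "%b %d %H:%M:%S"),
            "host": m.group("host"),
            "pid": int(m.group("pid")),
            "src": m.group("src"),
        })
    return refusals


def refusals_by_source(refusals):
    """Count refusals per logged source address."""
    return Counter(r["src"] for r in refusals)


def unresolved_sources(refusals):
    """Logged sources that are not real client addresses."""
    return {r["src"] for r in refusals if r["src"] in UNRESOLVED}


def burst_sources(refusals, window_seconds=900, threshold=4):
    """Sources with at least `threshold` refusals inside any `window_seconds` span.

    Sliding window per source: with each refusal as the window end, advance
    the start until the span fits, and keep the largest count seen."""
    by_src = {}
    for r in refusals:
        by_src.setdefault(r["src"], []).append(r["ts"])
    bursts = {}
    for src, times in by_src.items():
        times.sort()
        best = start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[src] = best
    return bursts


if __name__ == "__main__":
    found = parse_refusals(SAMPLE_LOG)
    print(refusals_by_source(found))   # Counter({'0.0.0.0': 5, '10.0.0.7': 1})
    print(unresolved_sources(found))   # {'0.0.0.0'}
    print(burst_sources(found))        # {'0.0.0.0': 5}
```

Run over the sample, every refusal but one comes from 0.0.0.0, which is the same picture the poster saw: the address the wrapper matched against was not the one listed in hosts.allow, so the rules were correct and the problem sat between the client and sshd, which is where the poster went looking next.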