Hello all. Hosts.allow and hosts.deny can contain lists of hosts or the word ALL in upper case to be associated with a particular service. If you deny all access in hosts.deny, and then allow specific access in hosts.allow, the hosts.allow file will override the hosts.deny file. For example, suppose you want to allow ssh access to ip address 192.168.1.1 and 192.168.1.2 and wanted to block everyone else. You could put the following in your hosts.deny file:

    sshd: ALL

All ssh access is now blocked. You can then open access for the two addresses you want with the following line in your hosts.allow file:

    sshd: 192.168.1.1 192.168.1.2

Only these two addresses would now have ssh access. If you have the line:

    ALL: ALL

in your hosts.deny file, then the line:

    sshd: ALL

in your hosts.allow file will open up all ssh access, while leaving other services like telnet, finger and ftp closed.

When working with hosts.allow and hosts.deny files, it's best to be specific about which services you are granting access to. Renaming your hosts.deny file to something else will throw your system wide open, which is not what you want. In theory, if the hosts.deny file is empty or does not exist, and you have entries in your hosts.allow file, only those addresses for the specified services should get access. I would not count on it, however. Better to specifically deny all access, and then open up only what you intend.

Gene Collins

>Hi!
>
> Try man tcpd or man hosts_access. Sshd will use /etc/hosts_* files
>only if tcpwrapper support is included when compiling. In that case
>hosts_allow line is something like
>sshd : all (or sshd2 : all, try both).
>
> Normally sshd holds its own access control in sshd_config file
>somewhere under /etc.
>
> btw: make sure you use the latest version of ssh, earlier versions
>at least 1.2.31 have severe security problem.
>
>
> Gregory Nowak 05.01.02:
>
>>I've tried typing "man hosts.allow", but no luck, so I have to ask.
>>As Janina mentioned in reply to one of my posts, I'm currently blocking
>>all connections with
>>"ALL: all".
>>However, I want to let ssh in from any ip address. How do I do this?
>>I've tried "ssh: all", but no luck.
>>Greg
>>
>>
>>_______________________________________________
>>Speakup mailing list
>>Speakup at braille.uwo.ca
>>http://speech.braille.uwo.ca/mailman/listinfo/speakup
>>
>
>
>The opinions I express are my own and do not necessarily represent the
>official position of my employer or my internet service provider.
>-- 
>Mr. Ari Moisio, Niittykatu 7, 41160 Tikkakoski, +358-40-5055239
>ari.moisio at iki.fi http://www.iki.fi/arimo PGP-keyID: 0x3FAF0F05
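
The allow-then-deny evaluation discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of the lookup order documented in hosts_access(5), where the first match in hosts.allow grants access, otherwise the first match in hosts.deny denies it, otherwise access is granted. The function names and sample rule sets are constructed for illustration; only ALL, exact names or addresses and trailing-dot address prefixes are modelled.

```python
"""Simplified model of the hosts_access(5) lookup order (added example)."""

def _split(s):
    return s.replace(",", " ").split()

def parse(text):
    """Turn 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            daemons, clients = line.split(":", 1)
            rules.append((_split(daemons), _split(clients)))
    return rules

def _matches(patterns, value):
    """True if any pattern is ALL, equals value, or is a 'a.b.c.' prefix of it."""
    for p in patterns:
        if p.upper() == "ALL" or p.lower() == value.lower():
            return True
        if p.endswith(".") and value.startswith(p):
            return True
    return False

def access(daemon, client, allow_text, deny_text=""):
    """Return (granted, deciding_file): allow first, then deny, then default."""
    for daemons, clients in parse(allow_text):
        if _matches(daemons, daemon) and _matches(clients, client):
            return True, "hosts.allow"
    for daemons, clients in parse(deny_text):
        if _matches(daemons, daemon) and _matches(clients, client):
            return False, "hosts.deny"
    return True, "default"  # nothing matched in either file

# Constructed rule sets built from the lines quoted in the thread.
DENY_ALL = "ALL: ALL\n"
ALLOW_TWO = "sshd: 192.168.1.1 192.168.1.2\n"
ALLOW_WRONG_NAME = "ssh: ALL\n"  # the daemon is named sshd, so this never matches

if __name__ == "__main__":
    cases = [
        ("sshd", "192.168.1.1", ALLOW_TWO, DENY_ALL),         # listed address
        ("sshd", "10.0.0.5", ALLOW_TWO, DENY_ALL),            # unlisted address
        ("sshd", "10.0.0.5", ALLOW_WRONG_NAME, DENY_ALL),     # "ssh" vs "sshd"
        ("in.telnetd", "10.0.0.5", "sshd: ALL\n", DENY_ALL),  # other service
        ("sshd", "10.0.0.5", ALLOW_TWO, ""),                  # empty hosts.deny
    ]
    for daemon, client, allow, deny in cases:
        print(daemon, client, access(daemon, client, allow, deny))
```

On a host with TCP wrappers installed, the tcpdmatch utility answers the same question against the real /etc/hosts.allow and /etc/hosts.deny files.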