How would that work if the server is behind a router? Richard On Tue, 15 Jan 2002, Gene Collins wrote: > Hello all. Hosts.allow and hosts.deny can contain lists of hosts or the > word ALL in upper case to be associated with a particular service. If you > deny all access in hosts.deny, and then allow specific access in > hosts.allow, the hosts.allow file will over ride the hosts.deny file. > For example, suppose you want to allow ssh access to ip address > 192.168.1.1 and 192.168.1.2 and wanted to block everyone else. you > could put the following in your hosts.deny file: > > sshd: ALL > > All ssh access is now blocked. You can then open access for the two > addresses you want with the following line in your hosts.allow file: > > sshd: 192.168.1.1 192.168.1.2 > > Only these two addresses would now have ssh access. If you have the > line: > > ALL: ALL > > in your hosts.deny file, then the line: > > sshd: ALL > > in your hosts.allow file will open up all ssh access, while leaving > other services like telnet, finger and ftp closed. When working with > hosts.allow and osts.deny files, it's best to be specific about which > services you are granting access to. renaming your host.deny file to > something else will throw your system wide open, which is not what you > want. In theory, if the hosts.deny file is empty or does not exist, and > you have entries in your hosts.allow file, only those addresses for the > specified services should get access. I would not count on it, however. > Better to specifically deny all access, and then open up only what you > intend. > > Gene Collins > > >Hi! > > > > Try man tcpd or man hosts_access. Sshd will use /etc/hosts_* files > >only if tcpwrapper support is included when compiling. In that case > >hosts_allow line is something like > >sshd : all (or sshd2 : all, try both). > > > > Normally sshd holds it's own access control in sshd_config file > >somewhere under /etc. > > > > btw: make sure you use the latest version of ssh, earlier versions > >at least 1.2.31 have severe security problem. > > > > > > Gregory Nowak 05.01.02: > > > >>I've tried typing "man hosts.allow", but no luck, so I have to ask. > >>As Janina mentioned in reply to one of my posts, I'm currently blocking al= > >l connections with > >>"ALL: all". > >>However, I want to let ssh in from any ip address. How do I do this? > >>I've tried "ssh: all", but no luck. > >>Greg > >> > >> > >>_______________________________________________ > >>Speakup mailing list > >>Speakup at braille.uwo.ca > >>http://speech.braille.uwo.ca/mailman/listinfo/speakup > >> > > > > > >Esitt=E4m=E4ni mielipiteet ovat omiani eiv=E4tk=E4 v=E4ltt=E4m=E4tt=E4 ed= > >usta > >ty=F6nantajani tai internet-palveluntarjoajani virallista kantaa. > >--=20 > >Mr. Ari Moisio, Niittykatu 7, 41160 Tikkakoski, +358-40-5055239 > >ari.moisio at iki.fi http://www.iki.fi/arimo PGP-keyID: 0x3FAF0F05 > > > > > > > >_______________________________________________ > >Speakup mailing list > >Speakup at braille.uwo.ca > >http://speech.braille.uwo.ca/mailman/listinfo/speakup > > _______________________________________________ > Speakup mailing list > Speakup at braille.uwo.ca > http://speech.braille.uwo.ca/mailman/listinfo/speakup >
