ListenAddress Exclusion

I was wondering what everyone's thoughts were on a simpler way to exclude
addresses from having listeners on them.

I know a lot of people have multiple subnets, especially larger
corporations.

Some networks are non-routable, and therefore unsuitable for use with SSH,
aside from communication between other servers on the same subnet.

Given that we may want to exclude those non-routable subnets / vlans from
SSH use, I am proposing that rather than listing all of the acceptable
vlans for listeners, that we use the following format to build an exclusion
list.

That would be like

ListenAddress 0.0.0.0
ListenAddress !192.168.0.0/24
ListenAddress !192.168.1.0/24

I have searched through the man pages and openssh documentation and have
found nothing on this kind of configuration, with everyone talking about
using tcp wrappers or iptables to block ssh from accepting connections on
different subnets.

I feel that this would be a simpler way to prevent ssh from even starting
on those subnets.


Thanks for your time and consideration.

Larry Becke
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
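
An added example, not part of the original post or of OpenSSH: since ListenAddress takes one host or address per directive, the exclusion list proposed above can be expanded into explicit ListenAddress lines before sshd starts. The function name, the sample addresses and the way the host's addresses are supplied are assumptions made for illustration.

```python
import ipaddress

def listen_directives(local_addrs, excluded_nets, port=None):
    """Expand an exclusion list into explicit sshd_config ListenAddress lines.

    local_addrs   -- addresses configured on the host ("addr" or "addr/prefix")
    excluded_nets -- CIDR blocks that must not get a listener
    """
    nets = [ipaddress.ip_network(n) for n in excluded_nets]
    lines = []
    for raw in local_addrs:
        addr = ipaddress.ip_interface(raw).ip
        # A v4 address is never "in" a v6 network (and vice versa), so mixed
        # lists are safe to compare.
        if any(addr in net for net in nets):
            continue
        if port is None:
            lines.append(f"ListenAddress {addr}")
        elif addr.version == 6:
            lines.append(f"ListenAddress [{addr}]:{port}")
        else:
            lines.append(f"ListenAddress {addr}:{port}")
    if not lines:
        # With no ListenAddress lines sshd falls back to listening on every
        # local address, which would silently undo the exclusion.
        raise ValueError("every local address is excluded")
    return lines

# Constructed sample host: two addresses to keep, two on the excluded subnets.
SAMPLE_ADDRS = ["127.0.0.1/8", "10.20.0.15/24", "192.168.0.15/24", "192.168.1.15/24"]
EXCLUDED = ["192.168.0.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    print("\n".join(listen_directives(SAMPLE_ADDRS, EXCLUDED)))
```

The generated lines are a snapshot of the host's addresses, so they need to be regenerated whenever an interface address changes.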