Hi, > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range > of ip addresses he is getting is so large, it will defeat the purpose to > blocking ssh because I would have to open up to so many ranges. Is there any > solution? it might be necessary to open port 22 for all ip-addresses. To lock it down, you may want to put the allowed ssh-users in a group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config. Additionally you may want to disable password-login and allow only key-based login. So your ssh should be sufficiently save. -volker -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
