Re: Provide SSH to someone w/ dynamic IP address {Scanned}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 4 Sep 2004, Volker Kindermann wrote:

> Hi,
> 
> > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> > of ip addresses he is getting is so large, it will defeat the purpose to
> > blocking ssh because I would have to open up to so many ranges. Is there any
> > solution?
> 
> it might be necessary to open port 22 for all ip-addresses.
> 
> To lock it down, you may want to put the allowed ssh-users in a group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.

Hmm...alternately, he could use TCPWrappers.  In /etc/hosts.deny, add:

"sshd: ALL"

And in /etc/hosts.allow, add:

"sshd: put.ip.addr.here/put.net.mask.here"

Either way will require maintaining a list.

> Additionally you may want to disable password-login and allow only key-based login.

This is always an option, as I noted, too.
-- 
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

site-update-request@xxxxxxxxxxxxxxxxx

with a message of: 

subscribe


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux