On Sat, 4 Sep 2004 12:42:54 +0200, Volker Kindermann wrote:
> Hi,
>
> > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> > of ip addresses he is getting is so large, it will defeat the purpose of
> > blocking ssh because I would have to open up to so many ranges. Is there any
> > solution?
>
> it might be necessary to open port 22 for all ip-addresses.
>
> To lock it down, you may want to put the allowed ssh-users in a
> group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.
>
> Additionally you may want to disable password-login and allow only
> key-based login.
>
> So your ssh should be sufficiently safe.

I understand his concern. SSH has had its problems in the past. I just had to
recover totally an old system for someone that had not kept up with updates and
got zapped with an ssh exploit.
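
An added example, not part of the original messages: a small checker for the two sshd_config settings recommended in the quoted reply (AllowGroups ssh-users, and password login disabled). The sample configs are constructed, the function names are hypothetical, and the parsing assumes OpenSSH's behaviour that the first value obtained for a keyword is used while AllowGroups lines accumulate.

```python
import re

# Constructed sample: the later "no" is ignored, sshd keeps the first value.
SAMPLE_WEAK = """\
PasswordAuthentication yes
AllowGroups ssh-users
PasswordAuthentication no
"""

SAMPLE_HARDENED = """\
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowGroups ssh-users
"""

def effective_settings(text):
    """Map lowercased global keywords to the value sshd would use."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            break  # conditional blocks are outside this check
        if key == "allowgroups":  # accumulates instead of first-value-wins
            settings[key] = (settings.get(key, "") + " " + value).strip()
        else:
            settings.setdefault(key, value)
    return settings

def audit(text, group="ssh-users"):
    """Return findings against the two recommendations in the thread."""
    s = effective_settings(text)
    findings = []
    if group not in s.get("allowgroups", "").split():
        findings.append("AllowGroups does not include " + group)
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    # Checker's own assumption: demand an explicit "no", because
    # keyboard-interactive (e.g. via PAM) can still ask for a password.
    kbd = s.get("kbdinteractiveauthentication",
                s.get("challengeresponseauthentication", ""))
    if kbd.lower() != "no":
        findings.append("keyboard-interactive not explicitly disabled")
    return findings
```

Running `sshd -T` on the host prints the settings the daemon actually resolves and is the authoritative check; the script only illustrates why an appended `PasswordAuthentication no` may have no effect.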