On Sat, 4 Sep 2004, Mike Burger wrote: > On Sat, 4 Sep 2004, Volker Kindermann wrote: > > > Hi, > > > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range > > > of ip addresses he is getting is so large, it will defeat the purpose to > > > blocking ssh because I would have to open up to so many ranges. Is there any > > > solution? <snip> > Hmm...alternately, he could use TCPWrappers. In /etc/hosts.deny, add: > > "sshd: ALL" > > And in /etc/hosts.allow, add: sshd: remotesysname.dyndns.org where your remote user has a dynamic dns registration (e.g. from DYNDNS.ORG, thus "remotesysname.dyndns.org"), which can get updated on the fly whenever the remote user changes IP numbers, if that remote user's home router supports ddclient. (or use a linux box as router so it can). Then, you don't have to open things up to a whole IP block. -- *************************************************** .~. Jerry Winegarden / v \ OIT/Technical Support, Duke University /( _ )\ jbw@xxxxxxxx, http://www-jerry.oit.duke.edu ^ ^ *************************************************** -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
