Re: Provide SSH to someone w/ dynamic IP address {Scanned}

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 8 Sep 2004, Reuben D. Budiardja wrote:

> On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote:
> > On Sat, 4 Sep 2004, Mike Burger wrote:
> > > On Sat, 4 Sep 2004, Volker Kindermann wrote:
> > > > Hi,
> > > >
> > > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far
> > > > > the range of ip addresses he is getting is so large, it will defeat
> > > > > the purpose to blocking ssh because I would have to open up to so
> > > > > many ranges. Is there any solution?
> >
> > <snip>
> >
> > > Hmm...alternately, he could use TCPWrappers.  In /etc/hosts.deny, add:
> > >
> > > "sshd: ALL"
> > >
> > > And in /etc/hosts.allow, add:
> >
> > sshd: remotesysname.dyndns.org
> 
> I don't think that would work. If I understand thing correctly, if you have 
> domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see 
> if it match with anything in /etc/hosts.allow. This will give back the 
> dynamic name (ie xxxxxxdialup-xx.xx.comcast.com), not the name you register 
> with dyndns.org (no PTR record for that), and thus not match with in 
> /etc/hosts.allow.
> 
> Anyway, I tried it and it didn't work. Someone correct my explanation if I'm 
> wrong please.
> 

I think it would work if you pointed your nameserver entries in your 
/etc/resolv.conf file to the name servers of the dydns.org.  Then the 
reverse lookup *should* work, I think.

Ben


-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux