-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 22 April 2003 12:42 am, Rodolfo J. Paiz wrote: > At 10:14 PM 4/19/2003 +0200, you wrote: > >what do i have to enter > >in hosts.allow to allow ssh access only > >from a certain domain? > > hosts.allow and hosts.deny (known as tcpwrappers) only affect programs > run from xinetd usually. There are some other programs that are written > to take advantage of tcpwrappers, but I do not know whether OpenSSH is > one of them. Openssh is compiled with tcpwrappers support. Sendmail is another standalone app that does the same. > >or is there another more secure way to > >restrict access to connect over ssh? > > I would certainly suggest using your firewall to restrict access as > long as you can give it static IP addresses. If you want every IP > address that resolves to "mycompany.com" to have access, then that's > more difficult. Agreed, your firewall is the first line of defense. - -- - -Michael pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt Red Hat Linux 7.{2,3}|8.0 in 8M of RAM: http://www.rule-project.org/ - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQE+pKNRn/07WoAb/SsRAr1bAKCgsTNAG3r61StLhayCyBnDhyRFDwCZAbph xmAJOjiylX7PAp3/KxLXbTk= =nHyr -----END PGP SIGNATURE-----
