Re: restricting ssh access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 22 April 2003 12:42 am, Rodolfo J. Paiz wrote:
> At 10:14 PM 4/19/2003 +0200, you wrote:
> >what do i have to enter
> >in hosts.allow to allow ssh access only
> >from a certain domain?
>
> hosts.allow and hosts.deny (known as tcpwrappers) only affect programs
> run from xinetd usually. There are some other programs that are written
> to take advantage of tcpwrappers, but I do not know whether OpenSSH is
> one of them.

Openssh is compiled with tcpwrappers support. Sendmail is another 
standalone app that does the same.

> >or is there another more secure way to
> >restrict access to connect over ssh?
>
> I would certainly suggest using your firewall to restrict access as
> long as you can give it static IP addresses. If you want every IP
> address that resolves to "mycompany.com" to have access, then that's
> more difficult.

Agreed, your firewall is the first line of defense. 

- -- 
- -Michael

pgp key:  http://www.tuxfan.homeip.net:8080/gpgkey.txt
Red Hat Linux 7.{2,3}|8.0 in 8M of RAM: http://www.rule-project.org/
- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+pKNRn/07WoAb/SsRAr1bAKCgsTNAG3r61StLhayCyBnDhyRFDwCZAbph
xmAJOjiylX7PAp3/KxLXbTk=
=nHyr
-----END PGP SIGNATURE-----





[Index of Archives]     [Fedora Users]     [Centos Users]     [Kernel Development]     [Red Hat Install]     [Red Hat Watch]     [Red Hat Development]     [Red Hat Phoebe Beta]     [Yosemite Forum]     [Fedora Discussion]     [Gimp]     [Stuff]     [Yosemite News]

  Powered by Linux