Gorman Julie D wrote:
> I've just implemented denyhosts on our ssh servers in our lab (we
> have about 25 ssh servers being used for programming and general
> education classes). It is working very well for most cases. I'm
> running it on Mac OSX 10.4, Solaris 9 & 10.
>
> I want to keep hosts from our local network from being entered into
> /etc/hosts.deny (we have some very inexperienced users). I've read
> that allowed-hosts (in the WORKING DIRECTORY) will accept CIDR
> notation but it doesn't appear to be working. Here is the info about
> the allowed-hosts file from the logging file when I am running with
> the --debug flag (ips changed):
>
> 2007-11-09 09:56:51,723 - AllowedHosts: DEBUG initializing AllowedHosts
> 2007-11-09 09:56:51,724 - AllowedHosts: DEBUG line: 1.1.0.0/16 - regex match? True

AFAIK CIDR is not understood, and according to the FAQ (http://denyhosts.sourceforge.net/faq.html#allowed) a /16 network mask can't be specified, only /24 masks with 1.1.0.* notation... so the only workaround may be to write 255 entries (yuck!).

Have you considered using /etc/hosts.allow? tcp_wrappers does allow something close to CIDR notation, i.e. 1.1. or 1.1.0.0/255.255.0.0 (see man 5 hosts_access).

[snip]
-- 
René Berber

_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
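
Added example, not part of the original thread or of DenyHosts itself: a small Python helper that turns a CIDR block such as the 1.1.0.0/16 from the debug log into the a.b.c.* lines the reply describes for allowed-hosts, and into the net/mask form for /etc/hosts.allow. The function names and the min_prefix guard are hypothetical, and it assumes allowed-hosts also takes one plain IP address per line for blocks smaller than a /24.

```python
import ipaddress


def allowed_hosts_entries(cidr, min_prefix=16):
    """Expand an IPv4 CIDR block into lines for DenyHosts' allowed-hosts.

    Whole /24s become "a.b.c.*" (the notation mentioned in the reply);
    blocks smaller than a /24 become single addresses (assumption).
    min_prefix is a hypothetical guard against whitelisting a huge range.
    """
    # strict=True rejects input with host bits set, e.g. 1.1.0.5/16,
    # which usually signals a typo in an allow-list.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("only IPv4 blocks are handled here")
    if net.prefixlen < min_prefix:
        raise ValueError(f"{cidr} is wider than /{min_prefix}; refusing")
    if net.prefixlen <= 24:
        # One wildcard line per /24 contained in the block.
        return [
            str(sub.network_address).rsplit(".", 1)[0] + ".*"
            for sub in net.subnets(new_prefix=24)
        ]
    # Smaller than a /24: list every address in the block.
    return [str(ip) for ip in net]


def tcp_wrappers_pattern(cidr):
    """Return the net/mask form that hosts_access(5) accepts."""
    net = ipaddress.ip_network(cidr, strict=True)
    return f"{net.network_address}/{net.netmask}"


if __name__ == "__main__":
    # 1.1.0.0/16 is the placeholder network from the thread.
    for line in allowed_hosts_entries("1.1.0.0/16"):
        print(line)
    print("hosts.allow pattern:", tcp_wrappers_pattern("1.1.0.0/16"))
```

Redirect the wildcard lines into allowed-hosts in the DenyHosts working directory and regenerate them whenever the lab's address plan changes.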
