cpghost wrote:
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <[EMAIL PROTECTED]> wrote:
Let me clarify. When I use the term "host", I'm referring to what
many would call a "personal workstation" or "personal computer". If
you have more than one person who has shell access to a computer,
Wojciech Puchar wrote:
>
>>> this:
>>>
>>> AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
>>> PROTECTED] [EMAIL PROTECTED]
>>
>> It looks like AllowHosts is not available with the version of SSH that
>> comes with FreeBSD.
>>
>> This works:
>>
>> AllowUsers [EMAIL PROTECT
this:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECTED] [EMAIL PROTECTED]
It looks like AllowHosts is not available with the version of SSH that comes
with FreeBSD.
This works:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECT
At 18:17 18/04/2008 -0500, Paul Schmehl wrote:
If you want to restrict sshd logins by host, you can use AllowUsers like this:
AllowUsers [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL
PROTECTED] [EMAIL PROTECTED]
It looks like AllowHosts is not available with the version of SSH
On Fri, 18 Apr 2008 13:46:48 -0500
Paul Schmehl <[EMAIL PROTECTED]> wrote:
> Let me clarify. When I use the term "host", I'm referring to what
> many would call a "personal workstation" or "personal computer". If
> you have more than one person who has shell access to a computer,
> then you no l
--On Saturday, April 19, 2008 00:12:41 +0200 Gilles <[EMAIL PROTECTED]>
wrote:
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
(snip)
Seems like I didn't do it right:
/etc/ssh/sshd_config:
[...]
AllowHosts 192.168.0 82.227.x.x
# /etc/rc.d/sshd restart
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
(snip)
Seems like I didn't do it right:
/etc/ssh/sshd_config:
[...]
AllowHosts 192.168.0 82.227.x.x
# /etc/rc.d/sshd restart
Stopping sshd.
Starting sshd.
/etc/ssh/sshd_config: line 119: Bad configuration op
--On Friday, April 18, 2008 21:37:45 +0200 Mel
<[EMAIL PROTECTED]> wrote:
>> [4] # grep sshd /etc/defaults/rc.conf
>> sshd_enable="NO" # Enable sshd
>
> No? Surely you're not using inetd?
I haven't used inetd in years. I'm not sure why you think I would be.
Well, since sshd_en
On Friday 18 April 2008 20:53:37 Paul Schmehl wrote:
> --On Friday, April 18, 2008 20:30:53 +0200 Mel
>
> <[EMAIL PROTECTED]> wrote:
> > On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
> >> Firewalls are for preventing access to running services. By definition,
> >> if you are running a servi
--On Friday, April 18, 2008 09:15:41 -0700 Kurt Buff <[EMAIL PROTECTED]>
wrote:
Not to detour this conversation too much, I hope, but I'm in a
different situation, and this is going to be an issue for me. I'm
putting together a box that's going to be a router for our company,
using BGP to give a
--On Friday, April 18, 2008 20:30:53 +0200 Mel
<[EMAIL PROTECTED]> wrote:
On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
Firewalls are for preventing access to running services. By definition, if
you are running a service, you want it to be accessed.
That's your assumption.
First of
--On Friday, April 18, 2008 13:18:44 -0400 Jon Radel <[EMAIL PROTECTED]> wrote:
Paul Schmehl wrote:
I see this statement all the time, and I wonder why. What does a
firewall on an individual host accomplish?
I have maintained publicly available servers for a small hobby domain
for almost ten
On Friday 18 April 2008 16:53:49 Paul Schmehl wrote:
> I see this statement all the time, and I wonder why. What does a firewall
> on an individual host accomplish?
...
> Firewalls are for preventing access to running services. By definition, if
> you are running a service, you want it to be a
Paul Schmehl wrote:
> I see this statement all the time, and I wonder why. What does a
> firewall on an individual host accomplish?
>
> I have maintained publicly available servers for a small hobby domain
> for almost ten years now. Initially, I bought in to this logic and ran
> a firewall. (A
Hi,
Gilles wrote:
I don't have a firewall on that host because there's already a NAT
router connecting the LAN to the Net.
I don't know your setup, but I'm pretty sure you can run the packet
filter on your host anyway.
You don't need to configure NAT to run your host firewall.
I'll just ad
On Fri, Apr 18, 2008 at 04:59:07PM +0100, Matthew Seaman wrote:
> Paul Schmehl wrote:
>
> >I have maintained publicly available servers for a small hobby
> >domain for almost ten years now. Initially, I bought in to this
> >logic and ran a firewall. (At that time we only had one server.)
> >What
On Fri, 18 Apr 2008 10:04:37 +0100, FreeBSD - Wire Consulting
<[EMAIL PROTECTED]> wrote:
>sshd(8) is part of the base system, which is a FreeBSD patched version of
>OpenSSH. Although, you can find some ports of bulk OpenSSH in
>/usr/ports/security.
I don't have a firewall on that host because ther
Kurt Buff wrote:
On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman
<[EMAIL PROTECTED]> wrote:
At any rate, locking down ssh access is one of my concerns, for sure,
so this discussion is helpful.
Wouldn't turning off password based logins and using public and private
keys (with a strong passwor
On Fri, Apr 18, 2008 at 8:59 AM, Matthew Seaman
<[EMAIL PROTECTED]> wrote:
> Paul Schmehl wrote:
>
>
> > I have maintained publicly available servers for a small hobby domain for
> almost ten years now. Initially, I bought in to this logic and ran a
> firewall. (At that time we only had one server
Paul Schmehl wrote:
I have maintained publicly available servers for a small hobby domain
for almost ten years now. Initially, I bought in to this logic and ran
a firewall. (At that time we only had one server.) What it cost me was
CPU and memory. What it gained me was nothing. I turned it
--On Friday, April 18, 2008 19:14:49 +1000 Gary Newcombe
<[EMAIL PROTECTED]> wrote:
ssh is part of the base system, not an installed port (by default anyway) so
you won't see it with pkg_info which will only list installed packages. The
config file is /etc/ssh/sshd_config.
To limit connections,
Mel wrote:
> On Friday 18 April 2008 10:51:45 Gilles wrote:
>
>> 1. I'd like to limit connections from the Net only from specific IP's.
>> It seems like there are several ways to do it (/etc/hosts.allow,
>> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
>> you recommend?
>
Hi,
Gilles wrote:
Hello
I have a couple of questions about running SSHd:
1. I'd like to limit connections from the Net only from specific IP's.
It seems like there are several ways to do it (/etc/hosts.allow,
AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
you recommend?
On Friday 18 April 2008 10:51:45 Gilles wrote:
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you recommend?
hosts.allow == TCP wr
Hi Gilles,
ssh is part of the base system, not an installed port (by default anyway) so
you won't see it with pkg_info which will only list installed packages. The
config file is /etc/ssh/sshd_config.
To limit connections, you should be using the firewall. I do use hosts.allow
too, but the fi
Gilles wrote:
> Hello
>
> I have a couple of questions about running SSHd:
>
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you re
Hello
I have a couple of questions about running SSHd:
1. I'd like to limit connections from the Net only from specific IP's.
It seems like there are several ways to do it (/etc/hosts.allow,
AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
you recommend?
2. Although it's up
27 matches