Hi slugers
A few days back Dave Kempe made the suggestion below to further secure
ssh. Now I tried to do this on my local network as a test using

         sshd: 192.168.1.0/255.255.255.0
in the hosts.allow but WinSCP failed to connect. I tried a few options but
the only way I could connect is by using
         sshd: ALL
in the hosts.allow file. What is going wrong?

Regards,
Phill O'Flynn



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of David Kempe
Sent: Thursday, 30 December 2004 3:05 PM
To: Voytek
Cc: slug@slug.org.au
Subject: Re: [SLUG] sshd config: tighten access ?

Voytek wrote:

> is a public web/mail server, so, I need to allow full access to
> web/mail/dns

well instead of the ALL bit in hosts.allow/deny just use sshd

if you use these tcpwrapper features, you can allow whole subnets easily.

like so:
(hosts.allow)
#Australia
sshd:   203.0.0.0/255.0.0.0

(hosts.deny)
#Block ssh from everywhere (except those in hosts.allow)
sshd: ALL

of course you could just add the fixed ip and the subnet of your dialup
IPs. that way at least you massively slash the amount of hosts that can
connect to you. and mostly avoid the crackers from Romania and Russia

dave
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

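The order in which tcpwrappers consults the two files discussed in this thread, as an added example that is not part of either post: hosts.allow is checked first, then hosts.deny, and a client matching neither is admitted. It is a simplified IPv4-only model that handles just the `ALL` and `net/mask` forms shown above; the function names, the `exampled` daemon and the test addresses are constructed for illustration.

```python
import ipaddress

# Rules quoted in the thread, plus the local subnet from the question.
HOSTS_ALLOW = """\
#Australia
sshd:   203.0.0.0/255.0.0.0
sshd: 192.168.1.0/255.255.255.0
"""
HOSTS_DENY = """\
#Block ssh from everywhere (except those in hosts.allow)
sshd: ALL
"""

def parse_rules(text):
    """Return (daemon_list, client_list) pairs; skips blank and '#' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore an optional third field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    """Match one client pattern against the address the server sees."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask: match when (addr AND mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(ipaddress.IPv4Address(addr)) & mask) == net
    return pattern == addr

def first_match(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def decide(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow match grants; else hosts.deny match refuses; else granted."""
    if first_match(parse_rules(allow), daemon, addr):
        return "allow"
    if first_match(parse_rules(deny), daemon, addr):
        return "deny"
    return "allow"

if __name__ == "__main__":
    # Constructed test addresses, not taken from the thread.
    for ip in ("192.168.1.50", "192.168.2.50", "203.10.20.30", "127.0.0.1"):
        print(ip, decide("sshd", ip))
```

The address passed in should be the one the server logs for the connecting client, since that is what the rules are compared against.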