Hi slugers A few days back Dave Kempe made the suggestion below to further secure ssh. Now I tried to do this on my local network as a test using
sshd: 192.168.1.0/255.255.255.0 in the hosts.allow but winscp failed to connect. I tried a few options but the only way I could connect is by using sshd: ALL in the hosts.allow file. What is going wrong? Regards, Phill O'Flynn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Kempe Sent: Thursday, 30 December 2004 3:05 PM To: Voytek Cc: slug@slug.org.au Subject: Re: [SLUG] sshd config: tighten access ? Voytek wrote: > is a public web/mail server, so, I need to allow full access to web/mail/dns well instead of the ALL bit in hosts.allow/deny just use sshd if you use this tcpwrapper features, you can allow whole subnets easily. like so: (hosts.allow) #Australia sshd: 203.0.0.0/255.0.0.0 (hosts.deny) #Block ssh from everywhere (except those in hosts.allow) sshd: ALL of course you could just add the fixed ip and the subnet of your dialup IPs. that way at least you massively slash the amount of hosts that can connect to you. and mostly avoid the crackers from Romainia and Russia dave -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
smime.p7s
Description: S/MIME cryptographic signature
-- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html