Gerry,
When you say better, do you mean faster or does this patch also help limit
access to other daemons?
#######################
Christina,
We run ssh via inetd (i.e., compile ssh without the libwrap option
and run the daemon from inetd.conf controlled by tcp_wrappers), as in
    ssh2 stream tcp nowait root /usr/etc/tcpd \
        /usr/sbin/sshd2 -i
(the -i is important).
There's a little more overhead doing it this way, but you can control
access to all inetd tcp daemons centrally under tcp_wrappers via the
/etc/hosts.allow and /etc/hosts.deny files. See the INSTALL file under
the tcp_wrappers source directory for instructions.
Regards,
Chris
###############################################################
# Chris Vandersip #
# Computer Research Specialist/Dept. Sysadmin #
# Rm. 024, Dept. of Meteorology, Florida State University #
# [EMAIL PROTECTED] (850)644-2522 #
###############################################################
On Thu, 14 Oct 1999, Gerry Bash wrote:
> Actually ssh has wrappers built into it that work much better than tcpd.
> Check out the AllowUsers and AllowHosts in the documentation of ssh.
>
> I also recently wrote a patch that extends the function of the ssh wrappers
> for version 1.2.27; if you're interested, it and the readme can be found on
> www.sonn.com/~gersh/ssh
>
>
> Gerry Bash [Gersh | cruid @ EFnet.irc] - Unix Security Admin
> "\xeb\x03\x5f\xeb\x05\xe8\xf8\xff\xff\xff\x31\xd2\xb2\x0a\x31\xc9"
> "\xb1\x1a\x01\xf9\x31\xdb\xb3\x01\x31\xc0\xb0\x04\xcd\x80\x31\xc0"
> "\xb0\x01\xcd\x80\x44\x4f\x4f\x54\x20\x44\x4f\x4f\x54\x0a\x00";
>
>
> On Thu, 14 Oct 1999, Anthony T Moran wrote:
>
> >
> >
> > You said:
> >
> > >
> > > Hello,
> > >
> > > Do you know if there is a way to limit the access to a machine? Is there
> > > a way to configure which users can access a machine using ssh?
> > >
> > > Thanks in advance,
> >
> > Hi.
> >
> > Best way to do this is to use TCP Wrappers.
> > ftp://ftp.porcupine.org/pub/security/index.html
> >
> > Unfortunately, you need to, afair, compile this into ssh (?)
> > See the FAQs etc.
> >
> > In any case though, if you have felt it necessary to use ssh in the first
> > place, then you definitely should use TCP Wrappers to limit and
> > monitor access to services on your machine/s as well. Good thing about
> > using ssh with TCP Wrappers is that it provides some basic logging of
> > incoming ssh usage on your machine, unless you are using the commercial
> > version of ssh which does that for you.
> >
> > Have fun, Tony
> >
> >
> >
> >
> >
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > "He who will not reason is a bigot; he who cannot is a fool;
> > and he who dares not is a slave." - Sir William Drummond
> >
> > We don't inherit the Earth from our ancestors, we borrow it from our kids
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >
> >
> >
>
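Added example (not part of the original messages): a simplified Python model of the hosts.allow / hosts.deny decision order that tcpd applies to the inetd-launched sshd2 described above. The rule files, addresses and hostname are constructed, the daemon name sshd2 is assumed from the inetd.conf line, and only a subset of the pattern syntax is modelled.

```python
# Simplified model of the tcp_wrappers (hosts_access) decision order.
# Supported client patterns: ALL, exact match, "192.0.2." address prefix,
# ".example.edu" hostname suffix. No EXCEPT, netmasks or shell options.

def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # leading part of a numeric address
        return addr.startswith(pattern)
    if pattern.startswith("."):    # trailing part of a host name
        return host is not None and host.lower().endswith(pattern.lower())
    return pattern == addr or (host is not None and pattern.lower() == host.lower())

def any_rule_matches(rules, daemon, addr, host):
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(client_matches(p, addr, host) for p in clients):
                return True
    return False

def access(allow_text, deny_text, daemon, addr, host=None):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    if any_rule_matches(parse_rules(allow_text), daemon, addr, host):
        return "allow"
    if any_rule_matches(parse_rules(deny_text), daemon, addr, host):
        return "deny"
    return "allow"   # no match in either file

# Constructed sample files (documentation addresses, hypothetical domain).
HOSTS_ALLOW = """\
# daemon name = process name started by tcpd (assumed: sshd2)
sshd2: 192.0.2. .met.example.edu
"""
HOSTS_DENY = "ALL: ALL\n"
```

Without the catch-all line in hosts.deny, a client that matches nothing in hosts.allow is still let in, and a rule written for the wrong daemon name never matches.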