On Wed, 13 Jun 2001, Manager Account wrote:
> I am running sshd2 on a system called 'server'. I am trying to disable ssh
> connections from a system called 'client'. (Both are running Solaris 7.)
>
> A sample session:
>
> -----
>
> server# grep client /etc/hosts.allow
> server# grep ssh /etc/hosts.allow
> server# grep client /etc/hosts.deny
> ALL:client
> server# grep ssh /etc/hosts.deny
> sshd:ALL
> sshd2:ALL
Edit /etc/hosts.deny and put the IP address of 'client' there,
as in
ALL: aaa.bbb.ccc.ddd
My reasoning is that your server cannot resolve the IP
of 'client' and thus allows it by default.
Here's a sample of my /etc/hosts.allow on two Linux machines:
sshd: 192.168.12.34, 10.11.0.3, .myisp.com
And here is my /etc/hosts.deny on the same machines:
portmap: ALL
in.telnetd: ALL
wu.ftpd: ALL
in.rlogind: ALL
sshd: ALL
ALL: ALL
Actually, the last line "ALL: ALL" is all you need.
--
"When you make a mistake and don't correct
it, that's what you call a mistake!"
-- Confucius
