If you want to deny ssh access to everyone on the outside, you could also remove the references to ssh from EXTERN_TCP_PORTS in /etc/network.conf and bounce networking with svi network reload
That should cause the ssh port to be blocked from outside connections by the firewall ruleset. --Brad On Tue, 16 Oct 2001 16:03:02 +0200 Patrick Benson wrote: > Julian Church wrote: > > > > I'm using an Eigerstein system to firewall cable modem (dynamic IP) to > > internal net 192.168.1.0/24. > > > > Looking through the logs I was a bit alarmed to find someone had tried to > > log in via SSH from the internet. From the logs it looks like whoever it > > was, their password thankfully failed. > > > > How do I prevent this from happening? I'd like to allow SSH login only > > from the internal net. > > If you look in /etc/ssh/sshd_config, there are certain options that can > be altered: > > ListenAddress <internal_interface> > PasswordAuthentication no > AllowHosts <internal_net> > > Keeps the bad guys out..... :) > > -- > Patrick Benson > Stockholm, Sweden _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
