Re: [plug] SSH from certain IPs only

Tue, 19 Oct 2004 04:34:35 -0700 

Only if sshd is started with xinetd

you can also use ipchians or iptables


On Mon, 18 Oct 2004, andrelst wrote:

> try this: 
> 
> /etc/hosts.allow
> sshd: 192.168. 66.167.150. 66.167.151.
> 
> /etc/hosts.deny
> sshd: ALL
> 
> regards,
> Andre
> 
> On Mon, 18 Oct 2004 11:45:33 -0500, gp <[EMAIL PROTECTED]> wrote:
> > I am running RH 7.2. I wanted to only  some IP addresses to SSH to my
> > machine. I have included this IP in my hosts.allow. I thought it was
> > clever idea but it did not work. Because I can still use SSH using a
> > different IP aside from the once listed. I also found one in my Google
> > search which says
> > hosts.deny entry.
> > sshd:ALL EXCEPT 192.168. 66.167.150. 66.167.151.
> > 
> > I also read that in my google search that TCPWRAPPERS worked with inetd.
> > I am using xinetd. So my question what should I do in order for  me to
> > let the server only accept ssh for certain IPs. My sample hosts.allow
> > are below. That external IPs  on my sample are not true.  Thanks  a lot
> > for the help.
> > 
> > glen
> > 
> > # THIS IS MY HOSTS.DENY
> > # hosts.allow   This file describes the names of the hosts which are
> > #               allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > sshd: 192.168. 66.167.150. 66.167.151. : ALLOW
> > 
> > # THIS IS MY HOSTS.DENY
> > # hosts.deny    This file describes the names of the hosts which are
> > #               *not* allowed to use the local INET services, as decided
> > #               by the '/usr/sbin/tcpd' server.
> > #
> > # The portmap line is redundant, but it is left to remind you that
> > # the new secure portmap uses hosts.deny and hosts.allow.  In particular
> > # you should know that NFS uses portmap!
> > sshd:ALL
> --
> Philippine Linux Users' Group (PLUG) Mailing List
> [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
> Official Website: http://plug.linux.org.ph
> Searchable Archives: http://marc.free.net.ph
> .
> To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
> .
> Are you a Linux newbie? To join the newbie list, go to
> http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
> 

--
Philippine Linux Users' Group (PLUG) Mailing List
[EMAIL PROTECTED] (#PLUG @ irc.free.net.ph)
Official Website: http://plug.linux.org.ph
Searchable Archives: http://marc.free.net.ph
.
To leave, go to http://lists.q-linux.com/mailman/listinfo/plug
.
Are you a Linux newbie? To join the newbie list, go to
http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie

Reply via email to