Re: [SSHd] Limiting access from authorized IP's
Hi,

Gilles wrote:
> Hello
>
> I have a couple of questions about running SSHd:
>
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you recommend?

You can limit the access using one of the packet filters available, ipfw(8), ipf(8) or pf(4).

> 2. Although it's up and running, I can't find SSHd in the list of
> installed apps:

sshd(8) is part of the base system, which is a FreeBSD patched version of OpenSSH. Although, you can find some ports of bulk OpenSSH in /usr/ports/security.

Pedro
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [SSHd] Limiting access from authorized IP's
Hi,

Gilles wrote:
> I don't have a firewall on that host because there's already a NAT
> router connecting the LAN to the Net.

I don't know your setup, but I'm pretty sure you can run the packet filter on your host anyway. You don't need to configure NAT to run your host firewall.

> I'll just add the following to /etc/ssh/sshd_config, and restart the
> service:
>
> AllowHosts 192.168.0 82.x.x.x

OK!

> BTW, is the SSHd that comes with the system good enough, or should I
> upgrade to what's in /usr/ports/security/ssh2?

For me base system ssh works like a charm. IMO, you only want to upgrade if you need a specific feature that is not available on system SSH.

Pedro
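
The two layers discussed in this thread, a host packet filter and an sshd-level restriction, written out as an added example that is not part of either message. The interface name em0 is an assumption, and 203.0.113.10 is a documentation-range placeholder standing in for the remote address the thread elides as 82.x.x.x.

```conf
# --- /etc/pf.conf (fragment) -------------------------------------------
# Assumption: em0 is the host's only network interface.
ext_if = "em0"

# Sources allowed to reach sshd. 192.168.0.0/24 is the LAN from the
# thread; 203.0.113.10 is a placeholder for the one remote address.
table <ssh_ok> const { 192.168.0.0/24, 203.0.113.10 }

set skip on lo0

# pf evaluates rules top to bottom and the last matching rule wins:
# first drop (and log) every inbound SSH connection, then re-allow the
# table members. Traffic to other ports is not touched by this fragment.
block in log on $ext_if proto tcp from any to any port ssh
pass in on $ext_if proto tcp from <ssh_ok> to any port ssh keep state

# --- /etc/ssh/sshd_config (fragment) -----------------------------------
# The base-system sshd is OpenSSH, whose sshd_config has no AllowHosts
# keyword. A source restriction is written there as USER@HOST patterns
# on AllowUsers; "*" as the user part keeps every account eligible.
AllowUsers *@192.168.0.* *@203.0.113.10
```

Both files can be checked before anything is reloaded: `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `sshd -t` validates sshd_config and reports unknown keywords. Keeping an existing SSH session open while restarting sshd leaves a way back in if a pattern turns out to exclude the address being connected from.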