
RE: configure ssh-access



Hello!

>-----Original Message-----
>From: Anne Carasik [mailto:gator@mail.cacr.caltech.edu]
>Sent: Monday, July 07, 2003 5:05 PM
>To: klaus@came.sbg.ac.at
>Cc: debian-security@lists.debian.org
>Subject: Re: configure ssh-access
>
>
>Why not just limit the access through SSH public key?
>It sounds like that would accomplish what you're trying
>to do.

I think this problem should not be solved by configuring sshd.
I solved it with an iptables script which resolves my dynamic host every 5 mins,
and then reloads the firewall if needed.

An ssh solution has the disadvantage that if it is buggy, an sshd config
change might not save your box from unallowed access. That is why I block my
ssh daemon, because the possibility is there that there might be an ssh exploit
soon ;)

In my eyes a combination of an sshd config solution and an iptables rule would
properly do its job quite safely.


Yours, Mario

>
>-Anne
>
>klaus@came.sbg.ac.at grabbed a keyboard and typed...
>> Hi!
>>
>> I want to make ssh-access possible only from a restricted
>> number of hosts - those that are named in /etc/hosts.allow.
>> Users who want to login have a DynDNS host-name that shall
>> be listed in hosts.allow to make it possible for users with
>> a dial-up internet connection, too.
>>
>> BUT:
>> The problem is that I can only login to the ssh-machine
>> when I enter the IP-address to the hosts.allow file.
>> Specifying the host's DNS-name does not work!
>>
>> AND:
>> I'd prefer to specify the rules for logging into the machine
>> in the sshd_config-file, not in hosts.allow/deny.
>> But the AllowHosts/DenyHosts-options that could be used in
>> /etc/sshd_config earlier seem to be not any
>> longer available at the SSH-version I'm using.
>> It's: openssh-3.4p1-80 on a SuSE 8.1
>>
>> Has anybody ideas on these 2 problems?
>>
>> thx in advance,
>> Klaus
>>
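
The approach Mario describes (resolve the DynDNS name periodically and touch the firewall only when the address has changed), as an added example that is not his script and not part of the original mail. The host name, state file path and the `SSH_DYN` chain are assumptions; the chain must already exist and be reached from INPUT ahead of a rule that drops all other traffic to tcp/22.

```shell
#!/bin/sh
# Added example: keep one iptables ACCEPT rule for SSH in sync with a DynDNS name.
# Assumed names (not from the mail): DYN_HOST placeholder, STATE_FILE path and
# the pre-created chain SSH_DYN that INPUT jumps to before dropping tcp/22.
DYN_HOST="${DYN_HOST:-home.example.org}"
STATE_FILE="${STATE_FILE:-/var/run/ssh-dyn.ip}"
CHAIN="SSH_DYN"

# Accept only a dotted-quad IPv4 address (octets 0..255, no leading zeros), so
# a malformed or hostile DNS answer never reaches the iptables command line.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that move the allow rule from OLD to NEW. Nothing is
# printed when the address is unchanged. The new rule is inserted before the
# old one is deleted, so there is no window in which SSH is locked out.
plan_update() {
    old=$1 new=$2
    valid_ipv4 "$new" || { echo "refusing invalid address: $new" >&2; return 2; }
    [ "$old" = "$new" ] && return 0
    echo "iptables -I $CHAIN 1 -p tcp -s $new --dport 22 -j ACCEPT"
    if valid_ipv4 "$old"; then
        echo "iptables -D $CHAIN -p tcp -s $old --dport 22 -j ACCEPT"
    fi
}

# Resolve the name, apply the plan, then record the address that is now allowed.
# Meant to be run by root from cron every 5 minutes with the argument --apply.
sync_rule() {
    new=$(getent ahostsv4 "$DYN_HOST" | awk 'NR==1 {print $1}')
    old=$(cat "$STATE_FILE" 2>/dev/null || true)
    plan=$(plan_update "$old" "$new") || return 1
    [ -z "$plan" ] && return 0
    echo "$plan" | while read -r cmd; do $cmd || exit 1; done || return 1
    echo "$new" > "$STATE_FILE"
}

if [ "${1:-}" = "--apply" ]; then sync_rule; fi
```

A failed lookup yields an empty address, which `plan_update` rejects, so the previously allowed address stays in place until the name resolves again.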




