[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: configure ssh-access

klaus@came.sbg.ac.at wrote:


I want to make ssh-access possible only from a restricted
number of hosts - those that are named in /etc/hosts.allow.
Users who want to login have a DynDNS host-name that shall
be listed in hosts.allow to make it possible for users with
a dial-up internet connection, too.

The problem is that I can only login to the ssh-machine
when I enter the IP-address to the hosts.allow file.
Specifying the hosts DNS-name does not work!

I'd prefer to specify the rules for loggin into the machine
in the sshd_config-file, not in hosts.allow/deny.
But the AllowHosts/DenyHosts-options that could be used in /etc/sshd_config earlier seem to be not any longer available at the SSH-version I'm using. It's: openssh-3.4p1-80 on a SuSE 8.1

Has anybody ideas in this 2 problems?

thx in advance,

I use this line:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ssh.deny.login onerr=succeed
in /etc/pam.d/ssh
I then restrict users from logging in which i define in ssh.deny.login
Maybe you can tweak a bit and have a script getting updated ip-adresses for your hosts? I dont know if pam can make use of it, just a suggestion.

Reply to: