Re: configure ssh-access
On Mon, Jul 07, 2003 at 11:08:38AM +0200, klaus@came.sbg.ac.at wrote:
> Hi!
>
> I want to make ssh-access possible only from a restricted
> number of hosts - those that are named in /etc/hosts.allow.
> Users who want to login have a DynDNS host-name that shall
> be listed in hosts.allow to make it possible for users with
> a dial-up internet connection, too.
>
> BUT:
> The problem is that I can only login to the ssh-machine
> when I enter the IP-address to the hosts.allow file.
> Specifying the hosts DNS-name does not work!
>
> AND:
> I'd prefer to specify the rules for loggin into the machine
> in the sshd_config-file, not in hosts.allow/deny.
> But the AllowHosts/DenyHosts-options that could be used in
> /etc/sshd_config earlier seem to be not any
> longer available at the SSH-version I'm using.
> It's: openssh-3.4p1-80 on a SuSE 8.1
>
> Has anybody ideas in this 2 problems?
If you know what ISP the people you want to allow are using, you can find
out what IP address blocks they have, and allow those blocks. For example,
my sshd allows connections from, among other things, *@::ffff:24.222.*. (It
listens on ipv6, so v4 connections are seen as coming from v4-mapped
addresses.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug.n , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BC
Reply to: