Sorry to reply to my own post... I'm an idiot - it should have been sshd: ALL, not ssh: ALL. All fixed, all by myself! cheers, damon Quoth Damon Muller, > Hi all, > > Like a good paranoid user, I protect my dial-up machine with both a > firewall using ipchains, and also using tcp wrappers to add a further > layer of security. > > Sometimes I find it convinient to scp things to my machine for the > outside world, so I leave my ssh port open (I'm using gShield as my > firewall, and highly recommend it). However, I've found that I can't > connect my ssh port from outside when online. > > Digging around for a solution, I found that I had the following in > /etc/hosts.deny: > > ALL: 0.0.0.0/0.0.0.0 > > Which I vaguely remember having put there because of aforementioned > paranoia. This shouldn't have been a problem, I wouldn't have thought as > long as I had the correct line in hosts.allow, as the hosts_access(5) > man page says that allow is checked before deny. > > However, I can't get the hosts.allow bit working. > > I've tried putting > ssh: ALL > > and > > ssh: 0.0.0.0/0.0.0.0 > > in hosts allow, but neither works. Commenting out the sole line in > hosts.deny does, however, allow incoming ssh to work, so obviosuly it's > just a matter of having the correct line in allow. > > Can anyone tell me what that line should be. Maybe I'm overlooking > something obvious, but I can't work it out. > > cheers, > > damon > > -- > Damon Muller (dm-sig6@empire.net.au) / It's not a sense of humor. > * Criminologist / It's a sense of irony > * Webmeister / disguised as one. > * Linux Geek / - Bruce Sterling > > - Running Debian GNU/Linux: Doing my bit for World Domination (tm) - -- Damon Muller (dm-sig6@empire.net.au) / It's not a sense of humor. * Criminologist / It's a sense of irony * Webmeister / disguised as one. * Linux Geek / - Bruce Sterling - Running Debian GNU/Linux: Doing my bit for World Domination (tm) -
Attachment:
pgpCretWqT8K_.pgp
Description: PGP signature