
Re: ssh update or upgrade required? which is it? [now restricting ssh]



On Mon, Jun 24, 2002 at 07:32:45PM -0700, justin cunningham wrote:
> If I wanted to restrict ssh to only listen for my office's ip until it
> gets patched how do I do this?  I tried editing sshd_config and putting
> my office ip as the listenaddress but it didn't work.  What did I do
> incorrectly?

Debian's sshd knows about libwrap, so you can block people out like so:

/etc/hosts.deny:
sshd: ALL

/etc/hosts.allow:
sshd: hosts_that_you_want_to_be_able_to_connect

Now, whether this stops the exploit that Theo's bragging about, who knows?
No one knows the particulars of it yet. :(

It's probably a good idea to always be restricting who can connect to those
you WANT to be connecting, in any case.

You could also do it with ipchains/iptables, and only let the IPs through
that you wanted through.

-- 
Marc Wilson
msw@cox.net

