Amish Rughoonundon wrote:
I was looking at my auth.log file and I saw a bunch of these things:
Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from
212.0.148.2
I was wondering if there is a way to filter the ip allowed to access
the computer and allow only 1 ip (mine) to do so. Thanks a lot,
Sure! You could set up a firewall (iptables), but tcpwrappers is
probably easier. On the server, put this line into /etc/hosts.allow :
sshd: 1.2.3.4
(of course, replace 1.2.3.4 with the IP of the computer you want to
permit to log in)
and this line into /etc/hosts.deny :
sshd: ALL
When a new connection attempt is made, the ssh daemon will first check
hosts.allow to see if the host is permitted. Hence your client system
will be allowed to log in. If the host isn't listed in hosts.allow,
sshd next checks hosts.deny to see if the host is forbidden. Since that
file has the entry "ALL", all other hosts will be rejected. The man
page for hosts_access(5) has more information.
By the way, you can replace the daemon name "sshd" with "ALL" in both
config files, to make this behavior occur for all daemons on the server
that use tcpwrappers.
regards,
--
Kevin B. McCarty <kmccarty@princeton.edu> Physics Department
WWW: http://www.princeton.edu/~kmccarty/ Princeton University
GPG: public key ID 4F83C751 Princeton, NJ 08544
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org