[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: illegal access using ssh

Thanks for the answer. I have not tried accessing debian from another computer yet but from the information I gathered on the internet and your response, it seems tcp wrappers should do the job.

----- Original Message ----- From: "Kevin B. McCarty" <kmccarty@Princeton.EDU>
To: <debian-user@lists.debian.org>
Sent: Thursday, December 01, 2005 11:32 AM
Subject: Re: illegal access using ssh

Amish Rughoonundon wrote:

I was looking at my auth.log file and I saw a bunch of these things:
Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from

I was wondering if there is a way to filter the ip allowed to access
the computer and allow only 1 ip (mine) to do so. Thanks a lot,

Sure!  You could set up a firewall (iptables), but tcpwrappers is
probably easier.  On the server, put this line into /etc/hosts.allow :


(of course, replace with the IP of the computer you want to
permit to log in)

and this line into /etc/hosts.deny :

sshd: ALL

When a new connection attempt is made, the ssh daemon will first check
hosts.allow to see if the host is permitted.  Hence your client system
will be allowed to log in.  If the host isn't listed in hosts.allow,
sshd next checks hosts.deny to see if the host is forbidden.  Since that
file has the entry "ALL", all other hosts will be rejected.  The man
page for hosts_access(5) has more information.

By the way, you can replace the daemon name "sshd" with "ALL" in both
config files, to make this behavior occur for all daemons on the server
that use tcpwrappers.


Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544

To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: