Re: SSH/SSHD local LAN only

To: debian-user@lists.debian.org
Subject: Re: SSH/SSHD local LAN only
From: "S.D.Allen" <SDA@Deer-in-the-headlights.ca.invalid>
Date: Fri, 19 Sep 2008 18:38:16 -0400
Message-id: <[🔎] slrngd8aeo.7lr.SDA@PPC.sweetpig.dyndns.org>
Mail-followup-to: debian-user@lists.debian.org
Reply-to: marathon.durandal@gmail.com
References: <[🔎] slrngd7m6k.7lr.SDA@PPC.sweetpig.dyndns.org> <[🔎] c956da920809191014r59da19a3wfb429baba7951f70@mail.gmail.com> <[🔎] 48D3E245.5060007@vrbka.net> <[🔎] 48D406A1.9000804@earthlink.net>

On 2008-09-19, Mumia W.. <paduille.4061.mumia.w+nospam@earthlink.net> wrote:
> On 09/19/2008 12:32 PM, Lubos Vrbka wrote:
>> well, if i understood the question correctly, this should do.
>> 
>> put to file /etc/hosts.allow:
>> ALL:ALL
>> 
>> put to file /etc/hosts.deny:
>> sshd: .your.domain.com allowed_ip_addresses allowed_networks 
>> allowed_hostnames
>> 
>> you can put more or less anything on the line and control who's allowed 
>> to connect (man hosts.deny). i'd say it is straightforward and works 
>> immediatelly without a need to (re)configure a firewall.
>> 
>> best,
>> 
>
> Those look backward to me:
>
> file: /etc/hosts.allow:
> ALL: LOCAL 127.0.0.0/8
> sshd: 192.168.0.0/24
>
> file: /etc/hosts.deny:
> ALL:ALL

Thanks everyone. I didn't think of using the hosts file; And agree
with at least one poster, that this can be done in both sshd and hosts.
Can never be too secure eh ?

Cheers,

Steve

Reply to:

References:
- SSH/SSHD local LAN only
  - From: "S.D.Allen" <SDA@Deer-in-the-headlights.ca.invalid>
- Re: SSH/SSHD local LAN only
  - From: "Jeff Soules" <soules@gmail.com>
- Re: SSH/SSHD local LAN only
  - From: Lubos Vrbka <lists@vrbka.net>
- Re: SSH/SSHD local LAN only
  - From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>

Prev by Date: Re: SSH/SSHD local LAN only
Next by Date: Re: SSH/SSHD local LAN only
Previous by thread: Re: SSH/SSHD local LAN only
Next by thread: Re: SSH/SSHD local LAN only
Index(es):
- Date
- Thread