hosts.allow
Richard Villa
rvilla1 at swbell.net
Tue Jan 15 15:25:08 EST 2002
How would that work if the server is behind a router?
Richard
On Tue, 15 Jan 2002, Gene Collins wrote:
> Hello all. Hosts.allow and hosts.deny can contain lists of hosts or the
> word ALL in upper case to be associated with a particular service. If you
> deny all access in hosts.deny, and then allow specific access in
> hosts.allow, the hosts.allow file will override the hosts.deny file.
> For example, suppose you want to allow ssh access to ip address
> 192.168.1.1 and 192.168.1.2 and wanted to block everyone else. You
> could put the following in your hosts.deny file:
>
> sshd: ALL
>
> All ssh access is now blocked. You can then open access for the two
> addresses you want with the following line in your hosts.allow file:
>
> sshd: 192.168.1.1 192.168.1.2
>
> Only these two addresses would now have ssh access. If you have the
> line:
>
> ALL: ALL
>
> in your hosts.deny file, then the line:
>
> sshd: ALL
>
> in your hosts.allow file will open up all ssh access, while leaving
> other services like telnet, finger and ftp closed. When working with
> hosts.allow and hosts.deny files, it's best to be specific about which
> services you are granting access to. Renaming your hosts.deny file to
> something else will throw your system wide open, which is not what you
> want. In theory, if the hosts.deny file is empty or does not exist, and
> you have entries in your hosts.allow file, only those addresses for the
> specified services should get access. I would not count on it, however.
> Better to specifically deny all access, and then open up only what you
> intend.
>
> Gene Collins
>
> >Hi!
> >
> > Try man tcpd or man hosts_access. Sshd will use /etc/hosts_* files
> >only if tcpwrapper support is included when compiling. In that case
> >hosts_allow line is something like
> >sshd : all (or sshd2 : all, try both).
> >
> > Normally sshd holds its own access control in sshd_config file
> >somewhere under /etc.
> >
> > btw: make sure you use the latest version of ssh, earlier versions
> >at least 1.2.31 have a severe security problem.
> >
> >
> > Gregory Nowak 05.01.02:
> >
> >>I've tried typing "man hosts.allow", but no luck, so I have to ask.
> >>As Janina mentioned in reply to one of my posts, I'm currently blocking all connections with
> >>"ALL: all".
> >>However, I want to let ssh in from any ip address. How do I do this?
> >>I've tried "ssh: all", but no luck.
> >>Greg
> >>
> >>
> >>_______________________________________________
> >>Speakup mailing list
> >>Speakup at braille.uwo.ca
> >>http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >>
> >
> >
> >The opinions I express are my own and do not necessarily represent
> >the official position of my employer or my internet service provider.
> >--
> >Mr. Ari Moisio, Niittykatu 7, 41160 Tikkakoski, +358-40-5055239
> >ari.moisio at iki.fi http://www.iki.fi/arimo PGP-keyID: 0x3FAF0F05
> >
> >
> >
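The decision order documented in hosts_access(5) (a match in hosts.allow grants access, otherwise a match in hosts.deny denies it, otherwise access is granted), as an added Python sketch that is not part of the original thread. The client address 10.0.0.5 and the daemon name in.telnetd are constructed for the example, and only a subset of the pattern syntax is modelled.

```python
# Added illustration: a simplified model of the hosts_access(5) decision order.
# Handles only "daemon_list : client_list" with ALL, exact addresses and
# address prefixes ending in "." (a subset of the real pattern language).

def parse(text):
    """Return a list of (daemon_patterns, client_patterns) from file text."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(":")
        if len(fields) >= 2:
            rules.append(tuple(f.replace(",", " ").split() for f in fields[:2]))
    return rules

def hit(patterns, value):
    """True if any pattern matches; ALL is compared case-insensitively here."""
    return any(p.upper() == "ALL" or p == value or
               (p.endswith(".") and value.startswith(p)) for p in patterns)

def matches(text, daemon, client):
    return any(hit(d, daemon) and hit(c, client) for d, c in parse(text))

def access(allow_text, deny_text, daemon, client):
    """hosts.allow is checked first, then hosts.deny; no match grants access."""
    if matches(allow_text, daemon, client):
        return "allow"
    if matches(deny_text, daemon, client):
        return "deny"
    return "allow"  # an empty or missing file matches nothing

# Constructed cases using the rule lines quoted in the thread.
# 10.0.0.5 is a made-up client address that appears in no rule;
# in.telnetd is an assumed process name for the telnet daemon.
TWO = "sshd: 192.168.1.1 192.168.1.2\n"
CASES = {
    "listed host, deny sshd: ALL": (TWO, "sshd: ALL\n", "sshd", "192.168.1.2"),
    "other host, deny sshd: ALL": (TWO, "sshd: ALL\n", "sshd", "10.0.0.5"),
    "sshd: ALL over ALL: ALL": ("sshd: ALL\n", "ALL: ALL\n", "sshd", "10.0.0.5"),
    "telnet under ALL: ALL": ("sshd: ALL\n", "ALL: ALL\n", "in.telnetd", "10.0.0.5"),
    "ssh: all (wrong daemon name)": ("ssh: all\n", "ALL: all\n", "sshd", "10.0.0.5"),
    "empty hosts.deny": (TWO, "", "sshd", "10.0.0.5"),
}

def run_cases():
    """Evaluate every constructed case and return {case name: verdict}."""
    return {name: access(*args) for name, args in CASES.items()}

if __name__ == "__main__":
    for name, verdict in run_cases().items():
        print(f"{verdict:5}  {name}")
```

The last two cases are the ones worth checking on a real system: a rule written for `ssh` never matches a daemon whose process name is `sshd`, and with an empty or missing hosts.deny nothing is denied, so an explicit deny rule is what makes the hosts.allow entries restrictive.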