ssh security
Terry
terry at mrtux.co.uk
Fri Sep 24 13:50:40 PDT 2004
Derek Ragona wrote:
>> I tried to implement a similar scheme in my hosts.allow on a FreeBSD
>> 5.2.1 server. But when I try to test it from an IP outside my LAN, it
>> still allows ssh logins. I even put in a line in hosts.allow to
>> explicitly deny the IP I was ssh'ing from, but it still let me in.
>> The behavior gives the appearance that TCP wrappers are not enabled,
>> and thus the /etc/hosts.allow file is ignored.
>>
>> Is there something I need to do to enable the wrappers in sshd? I saw
>> that there is a compile option for the portable source from
>> openssh.org, so I wonder if there is some compile option that needs to
>> be enabled in make.conf?
>>
>> I have gone through the documentation for sshd_config, sshd,
>> make.conf, etc. but am not finding anything to change.
>>
>> -Derek
>>
>>
>>
>> At 07:37 AM 9/19/2004, Terry wrote:
>>
>
>
>>>> I had the same problem so i setup up hosts.allow to only allow access
>>>> from certain ips i require
>>>> This has the affect of killing the connection from any other ip befor
>>>> gettign to any login prompt
>>>> example below
>>>> sshd : localhost : allow
>>>> sshd : 192.168.2. : allow
>>>> sshd : 82.41.115.213 :allow
>>>> sshd : 216.123.248.219 : allow <-- public ip i wish to allow of
>>>> course i have changed it
>>>> sshd : all : deny
>>>>
>>>> This then shows in log instead of failed login attempts
>>>>
>>>> dot.blah.co.uk refused connections:
>>>> Sep 17 22:11:55 dlt sshd[35669]: refused connect from
>>>> usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
>>>>
>>>> Regards Terry
>>>>
>>>>
>>
>>
I read some where the order is important have you tried exactly as i
posted only changed ip's to fit your setup ?
My freebsd version is 4.10 and i made no other changes i think tcp
wrappers are default
Terry
More information about the freebsd-security
mailing list