Re: SSH security
From: Bryan Paxton (evil7@deadhorse.net)Date: 10/19/01
- Previous message: Mike Patterson: "Re: Root can't delete files"
- In reply to: Brian Clifton: "SSH security"
- Next in thread: Patrick Ohnewein: "Re: SSH security"
- Next in thread: R Dicaire: "Re: SSH security"
- Reply: Patrick Ohnewein: "Re: SSH security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: Re: SSH security From: Bryan Paxton <evil7@deadhorse.net> To: Brian Clifton <brian@omegadm.co.uk> Date: 19 Oct 2001 11:17:43 -0500 Message-Id: <1003508263.25294.7.camel@sQa.deadhorse.net>
On Fri, 2001-10-19 at 08:57, Brian Clifton wrote:
> Does anyone know how to restrict ssh login access to certain ip's??
> e.g. like host.allow does? I have found un-authorised attempts trying
> to log in via ssh in var/logs/secure..
Well, you could run sshd our of inetd, and use tcp_wrappers (I only
recommend tcp wrappers when it is a must situation).
But I would recommend filtering at the kernel level (ipchains,
netfilter, etc...).
The best approach would be to set up a ruleset that states the hosts
that are allowed to contact your box on port 22, then to deny to all
other traffic inbound for port 22 on your box.
Cheers
-- Bryan Paxton Public PGP key: http://www.deadhorse.net/evil7.gpg
- Previous message: Mike Patterson: "Re: Root can't delete files"
- In reply to: Brian Clifton: "SSH security"
- Next in thread: Patrick Ohnewein: "Re: SSH security"
- Next in thread: R Dicaire: "Re: SSH security"
- Reply: Patrick Ohnewein: "Re: SSH security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
