Re: reverse mapping and ssh
From: Tim Haynes (usenet-20041129_at_stirfried.vegetable.org.uk)
Date: 11/29/04
- Next message: Tim Haynes: "Re: Blocking incoming IP address immediately"
- Previous message: Jeff Franks: "Blocking incoming IP address immediately"
- In reply to: Ron Croonenberg: "reverse mapping and ssh"
- Next in thread: Ron Croonenberg: "Re: reverse mapping and ssh"
- Reply: Ron Croonenberg: "Re: reverse mapping and ssh"
Date: Mon, 29 Nov 2004 15:37:07 +0000
Ron Croonenberg <ronc@depauw.edu> writes:
> Hello,
>
> can ssh be set up in a way so that a connection can only be established
> when :
>
> [1] : the host that is trying to connect can be reverse mapped OR

Compile it with tcp wrappers support and you'll be able to put
`sshd: PARANOID' in hosts.allow.

> [2] : the host is in the same domain as the server (and reverse mapping
> is not needed then)

What do you mean by `domain'?

Netblocks are trivially appended to the above line, or can be specified in
sshd_config, and hosts (or netblocks?) can be tied to specific public keys
in authorized_keys as well.

You don't want to rely on an external box having a PTR entry pointing at
something in your "domain", however.

~Tim
-- 
Famous moments vanish without trace |piglet@stirfried.vegetable.org.uk
Trees grow tall, fields grow wheat  |http://www.photoboxgallery.com/timhaynes
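
Added example, not part of the original message and not code from tcp wrappers or OpenSSH: a sketch of why a PTR name alone is a weak basis for access, comparing a PTR-only domain check with a forward-confirmed reverse lookup plus a netblock test. All names, addresses, LOCAL_NETS and LOCAL_DOMAIN are constructed assumptions, and DNS is simulated with in-memory tables so it runs offline.

```python
import ipaddress

# Constructed DNS data: documentation address ranges and example names.
PTR = {  # reverse zone, controlled by whoever owns each address block
    "192.0.2.10": "build.example.edu",
    "203.0.113.7": "trusted.example.edu",  # external box claiming a local name
    "198.51.100.9": "mail.example.net",
}
A = {  # forward zones, controlled by the owner of each name
    "build.example.edu": ["192.0.2.10"],
    "trusted.example.edu": ["192.0.2.20"],
    "mail.example.net": ["198.51.100.9"],
}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed local netblock
LOCAL_DOMAIN = ".example.edu"                         # assumed server domain


def verified_name(addr):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to addr."""
    name = PTR.get(addr)
    if name is not None and addr in A.get(name, []):
        return name
    return None


def ptr_only_in_domain(addr):
    """Weak check: trusts the PTR name without confirming it."""
    return PTR.get(addr, "").endswith(LOCAL_DOMAIN)


def allow(addr):
    """Rule [2] decided by netblock, else rule [1] with a confirmed name."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in LOCAL_NETS):
        return True
    return verified_name(addr) is not None


if __name__ == "__main__":
    for addr in ["192.0.2.10", "192.0.2.99", "203.0.113.7",
                 "198.51.100.9", "198.51.100.50"]:
        print(addr, "ptr-only:", ptr_only_in_domain(addr),
              "allow:", allow(addr))
```

The address 203.0.113.7 passes the PTR-only check because its owner controls the reverse zone, but fails once the claimed name is resolved forward.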