Re: reverse mapping and ssh
From: Ron Croonenberg (ronc_at_depauw.edu)
Date: 11/29/04
- In reply to: Tim Haynes: "Re: reverse mapping and ssh"
Date: Mon, 29 Nov 2004 11:13:49 -0500
> Compile it with tcp wrappers support and you'll be able to put `sshd:
> PARANOID' in hosts.allow.
OK, so it isn't in there by default? I see entries in my secure log like:
Nov 2 21:26:38 thishost sshd[21860]: Could not reverse map address 210.0.142.182
>
>>[2] : the host is in the same domain as the server (and reverse mapping
>> is not needed then)
>
>
> What do you mean by `domain'?
Domain as in DNS domain, or IP pool.
> Netblocks are trivially appended to the above line, or can be specified in
> sshd_config, and hosts (or netblocks?) can be tied to specific public keys
> in authorized_keys as well.
>
> You don't want to rely on an external box having a PTR entry pointing at
> something in your "domain", however.
Well, what I want is this. If a host cannot be reverse mapped in DNS
and it is outside our organization then I don't want to accept a
connection with ssh. If it is within our organization I just want to
accept it.
Maybe I was a bit vague about what I want,
Ron
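
The policy asked for in this message, sketched as an added example (not code from the thread or from OpenSSH/tcp wrappers): organization membership is decided by netblock, never by PTR name, and outside hosts must have a reverse mapping. It goes one step further than the message by also forward-confirming the name, which is the mismatch tcp wrappers' PARANOID matches on. The netblock, host names, and addresses other than the one from the log line are constructed; `decide` and the resolver hooks are hypothetical names.

```python
import ipaddress
import socket

# Assumption: constructed netblock standing in for "our organization".
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def system_reverse(ip):
    """PTR lookup via the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(name):
    """A/AAAA lookup; returns the set of address strings for a name."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()


def decide(ip, internal_nets=INTERNAL_NETS,
           reverse=system_reverse, forward=system_forward):
    """Return (allow, reason) for an incoming SSH client address."""
    addr = ipaddress.ip_address(ip)
    # Inside the organization: decided by netblock, not by PTR name,
    # because the PTR record is controlled by whoever owns the address.
    if any(addr in net for net in internal_nets):
        return True, "internal netblock"
    name = reverse(ip)
    if name is None:
        return False, "no reverse mapping"
    # Forward-confirm: the claimed name must resolve back to the client.
    if addr not in {ipaddress.ip_address(a) for a in forward(name)}:
        return False, "reverse/forward mismatch"
    return True, "reverse mapping confirmed"


if __name__ == "__main__":
    # Constructed DNS data so the demo runs offline.
    ptr = {"198.51.100.7": "client.example.net"}
    fwd = {"client.example.net": {"198.51.100.7"}}
    for ip in ("192.0.2.10", "198.51.100.7", "210.0.142.182"):
        print(ip, decide(ip, reverse=ptr.get,
                         forward=lambda n: fwd.get(n, set())))
```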