Re: dynamic ip and ssh

From: Richard E. Silverman (slade@shore.net)
Date: 02/27/03


From: slade@shore.net (Richard E. Silverman)
Date: 26 Feb 2003 22:18:13 -0500


>>>>> "Eng" == S Eng <ngse@yahoo.com> writes:

    Eng> Hi, I run Red Hat 7.2 at work and I can ssh from home into the
    Eng> linux box until now. I finally figured out my ISP changed from
    Eng> static to dynamic IP. If I remove the hosts.allow and hosts.deny,
    Eng> it works fine. I would like to do the RSA key instead of the
    Eng> hosts.allow.

This statement does not make sense; these are not alternatives.

    Eng> Would removing the hosts.allow/deny be compromising security?

By itself, this question also does not make sense, as there is no absolute
security standard. However, if you need to connect from arbitrary network
locations, then you don't have any choice, and the security design of the
SSH protocol does not depend on IP addresses. Filtering on source address
is something you do if you happen to have clients with static addresses
and you want a little extra protection (at the cost of more hassle if
your client set changes).

    Eng> What exactly do I need to do to make sshd not look at the
    Eng> hosts.allow/deny files? TIA.

$ man sshd
...
     /etc/hosts.allow, /etc/hosts.deny
             Access controls that should be enforced by tcp-wrappers are
             defined here. Further details are described in hosts_access(5).
...

-- 
  Richard Silverman
  slade@shore.net
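
Added example, not part of the original message: a simplified Python model of the hosts_access(5) decision order, showing why a source-address rule stops matching once the client's address changes and why removing both files grants access. The file contents and addresses are constructed, and only IPv4 patterns (ALL, exact address, trailing-dot prefix, net/mask) are handled.

```python
import ipaddress

# Constructed sample files: the server admits sshd clients only from one
# formerly static home address (documentation ranges from RFC 5737).
HOSTS_ALLOW = """\
# /etc/hosts.allow (constructed)
sshd: 203.0.113.25
ALL: 127.0.0.1
"""
HOSTS_DENY = """\
# /etc/hosts.deny (constructed)
ALL: ALL
"""

def client_matches(pattern, addr):
    """Match one client pattern against a dotted-quad address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.0.2." matches on leading fields
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr         # exact address

def file_matches(text, daemon, addr):
    """True if any rule in the file matches the (daemon, client) pair."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")   # IPv4 only: IPv6 literals contain ':'
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and any(
            client_matches(p, addr) for p in clients
        ):
            return True
    return False

def access_granted(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow match grants; else deny match refuses; else grant."""
    if file_matches(allow, daemon, addr):
        return True
    if file_matches(deny, daemon, addr):
        return False
    return True
```

This check runs before any SSH authentication takes place, so a public key does not help a client whose address is refused here.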