Re: ssh won't work through router/firewall

From: Per Hedeland (per_at_hedeland.org)
Date: 04/27/04


Date: Tue, 27 Apr 2004 20:46:25 +0000 (UTC)

In article <da662010.0404261933.ce63197@posting.google.com>
mnemotronic@yahoo.com (pt) writes:
>per@hedeland.org (Per Hedeland) wrote in message news:<c6iav9$42s$1@hedeland.org>...
>> In article <da662010.0404252124.89b996c@posting.google.com>
>> mnemotronic@yahoo.com (pt) writes:
>> >
>> >/var/log/secure says:
>> >Apr 25 23:12:29 turkey sshd[23676]: refused connect from
>> >c-24-8-x-y.client.comcast.net (24.8.x.y)
>> >
>> >hosts.allow says:
>> >ssh : ALL
>>
>> Try
>>
>> sshd : ALL
>>
>> instead. Generally the name in the hosts.* files should be that of the
>> process checking them for access rights - i.e. sshd in this case, not
>> ssh.
>
>Bingo! That's it! Thanks very much! Now, I would feel better if I
>could trim the "ALL" client spec down to a few, selected locations:
>
>sshd : 192.168.1. , LOCAL , .comcast.net , .where_I_work.com ,
>.some.other.fqdn
>
>Is that correct???

Minus the unescaped line break (which may have been inserted by your
newsreader), it seems syntactically correct - whether the semantics are
what you want I wouldn't know:-) (.comcast.net doesn't seem like "a few"
though). Syntax and semantics should supposedly be documented in the
hosts_access(5) (or possibly hosts_options(5)) man page on your system -
I think there are some variations depending on version of and compile
time options for the tcp_wrappers package.

--Per Hedeland
per@hedeland.org
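
An added example, not part of the original post: a simplified Python model of the matching rules discussed in this thread (daemon name, `ALL`, `LOCAL`, leading-dot host suffix, trailing-dot address prefix, backslash continuation), as described in hosts_access(5). It only answers whether hosts.allow grants access, ignores options and other wildcards, and all host names and addresses are constructed samples.

```python
import re

def parse_rules(text):
    """Return (rules, malformed_lines) for hosts.allow-style text."""
    text = text.replace("\\\n", " ")  # backslash-newline continues a rule
    rules, malformed = [], []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:  # no "daemon : client" separator on this line
            malformed.append(line)
            continue
        daemons, clients = ([t for t in re.split(r"[\s,]+", p) if t]
                            for p in parts[:2])
        rules.append((daemons, clients))
    return rules, malformed

def client_matches(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":            # host name without a dot
        return "." not in host
    if pattern.startswith("."):       # domain suffix, e.g. .comcast.net
        return host.lower().endswith(pattern.lower())
    if pattern.endswith("."):         # address prefix, e.g. 192.168.1.
        return addr.startswith(pattern)
    return pattern.lower() in (host.lower(), addr)

def allowed(rules, daemon, host, addr):
    """True if any rule names the checking process and matches the client."""
    return any(("ALL" in d or daemon in d) and
               any(client_matches(p, host, addr) for p in c)
               for d, c in rules)

# Constructed samples: the rule from the thread, with and without the escape.
NARROW = ("sshd : 192.168.1. , LOCAL , .comcast.net , .where_I_work.com , \\\n"
          ".some.other.fqdn\n")
WRAPPED = NARROW.replace("\\\n", "\n")

if __name__ == "__main__":
    cable = ("c-203-0-113-7.client.comcast.net", "203.0.113.7")
    for text in ("ssh : ALL", "sshd : ALL", NARROW, WRAPPED):
        rules, bad = parse_rules(text)
        print(repr(text[:20]), allowed(rules, "sshd", *cable), bad)
```

Running it shows that `ssh : ALL` never matches the `sshd` process, that `.comcast.net` admits every host under that domain, and that the unescaped second line is reported as malformed instead of extending the rule.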