Date: Wed, 25 Aug 2004 22:03:20 +0200
From: Volker Kindermann
To: "Hugo Silva"
Cc: questions@freebsd.org
Subject: Re: ssh question

> > After modifying the sshd.conf to allow my new IP access via ssh I
> > can't connect. I have stopped and restarted the service and the
> > server and double
>
> 'Allow your new ip address' ?
>
> What you can specify on /etc/ssh/sshd_config is the ip the server
> binds to, not the ip addresses of the clients connecting. (your words
> suggest you did this) - reconfigure your sshd_config to the old value
> (your ip address, or 0.0.0.0) and re-start sshd.
>
> To limit access to the sshd, use a firewall, like ipfw, pf, or
> ipfilter.
>

In addition you can actually limit access to the sshd with the keywords
AllowUsers and AllowGroups with the corresponding user/group _names_
(not uid/gid!!!). But there's no option to do this ip-based (this is
possible with packet filters or tcp-wrapper).

Do a "netstat -na|grep LISTEN|grep 22" to prove on which IP your
ssh-Server is listening.

-volker
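
A stricter form of the listening-address check suggested above, as an added example that is not part of the original mail: a plain "grep 22" also matches ports such as 2222 and addresses that merely contain "22", so this parses the local-address column and compares the port exactly. The function names and the netstat sample are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of FreeBSD-style `netstat -na` output (not from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.22          198.51.100.7.50122     ESTABLISHED
tcp4       0      0 192.0.2.10.22          *.*                    LISTEN
tcp4       0      0 10.0.22.5.25           *.*                    LISTEN
tcp4       0      0 *.2222                 *.*                    LISTEN
tcp6       0      0 ::1.22                 *.*                    LISTEN
udp4       0      0 *.514                  *.*
EOF
}

# Read `netstat -na` output on stdin and print "<address> <scope>" for every
# TCP socket listening on exactly port $1 (default 22).
ssh_listeners() {
    awk -v port="${1:-22}" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            la = $4
            # The port follows the last "." (BSD netstat) or ":" (Linux netstat).
            if (!match(la, /[.:][0-9]+$/)) next
            if (substr(la, RSTART + 1) != port) next
            addr = substr(la, 1, RSTART - 1)
            if (addr == "*" || addr == "0.0.0.0" || addr == "::")
                scope = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1")
                scope = "loopback-only"
            else
                scope = "single-address"
            print addr, scope
        }'
}

# On a live host: netstat -na | ssh_listeners 22
sample_netstat | ssh_listeners 22
```

A "single-address" or "loopback-only" result means sshd accepts connections only on that local address, which is the bind setting discussed in the quoted reply, not a restriction on client addresses.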