From: Shane Hickey
To: Shane Hickey
Cc: freebsd-questions@freebsd.org
Subject: Re: ssh with pam_access?
Date: 09 Nov 2002 14:24:31 -0700
Message-Id: <1036877071.17625.10.camel@devo.volumen.net>
In-Reply-To: <1036871883.14532.60.camel@devo.volumen.net>
References: <1036871883.14532.60.camel@devo.volumen.net>

Hmm... I sort of answered my own question, but that brought up a new
question. Apparently, you can just specify sshd allow and deny
statements in /etc/hosts.allow. I had always thought that this only
worked for services spawned out of inetd? Now I see that inetd is
running (even though I have all lines commented out in my
/etc/inetd.conf) and it apparently has something to do with the -W
flag? Can someone tell me how this magic works?

Thanks,

Shane

On Sat, 2002-11-09 at 12:58, Shane Hickey wrote:
> First, lemme say that I foolishly asked this in freebsd-newbies (because
> I'm a freebsd newbie) but it turns out that it was the wrong forum.
> Anyway, what are people using to only allow ssh from certain
> addressees? I'm a recent FreeBSD convert, from Linux. In linuxland I
> used both iptables and then I would edit /etc/pam.d/sshd and add this
> line
>
> account required /lib/security/pam_access.so
>
> to enable the pam module that allowed me to specify hosts/networks in
> /etc/security/access.conf.
>
> I'd rather not do tcp wrappers. Is there an equivalent way to do this
> with pam in FreeBSD? I know about ipfilter and I'll be doing that, I
> just like to have another layer.
>
> Thanks,
>
> Shane