Date:      Mon, 6 Mar 2000 20:20:36 +0100
From:      Harold Gutch <logix@foobar.franken.de>
To:        Alex Michlin <alex@delete.org>, freebsd-security@FreeBSD.ORG
Subject:   Re: Host Secured Logon
Message-ID:  <20000306202036.A24878@foobar.franken.de>
In-Reply-To: <Pine.BSF.4.10.10003061312330.42706-100000@cx638115-b.sthngtn1.ct.home.com>; from Alex Michlin on Mon, Mar 06, 2000 at 01:15:06PM -0500
References:  <Pine.BSF.4.10.10003061312330.42706-100000@cx638115-b.sthngtn1.ct.home.com>

On Mon, Mar 06, 2000 at 01:15:06PM -0500, Alex Michlin wrote:
> Hey all!
> 
> Is there an easy way to secure shell accounts with the hostname of the
> user (i.e., only someone from *.anyisp.com can log on to shell1, and
> *.myisp.com can log on to any shell)?

(I'm assuming "shell" and "shell1" are two different machines,
 not two shells [as in tcsh, bash, ksh etc.])

Hostnames are in the hands of the DNS administrator for this
specific network.  I'd rather set up limits based on IP addresses.

Both can be done using TCP-wrappers ("man 5 hosts_access") using
/etc/hosts.allow and /etc/hosts.deny.
You will only be able to tighten up your _own_ services like
this;  a user will always be able to log in from a "trusted" host,
install his own sshd on an unprivileged port and then log in from
anywhere to _his_ sshd.


> Also, is there any good resource where I can find which settings do what
> in the /etc/login.conf? 

"man login.conf"?

bye,
  Harold

-- 
Someone should do a study to find out how many human life spans have
been lost waiting for NT to reboot.
              Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc
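
The two approaches from the reply, side by side, as an added example that is not part of the original message. It assumes the login daemon is named sshd and is linked against libwrap or started through tcpd; 192.0.2.0/24 and 198.51.100.0/24 are placeholder ranges standing in for the address space of anyisp.com and myisp.com.

```conf
# ---- /etc/hosts.allow on shell1 (constructed example) ----

# Variant A: hostname patterns. A leading dot matches any host whose name
# ends in that domain. The name comes from the reverse DNS of the client
# address, so the rule is only as trustworthy as the DNS administrator of
# the client's network.
#sshd : .anyisp.com .myisp.com

# Variant B: address ranges in net/mask form. No DNS lookup is involved in
# the decision. Placeholder ranges; substitute the ISPs' real allocations.
sshd : 192.0.2.0/255.255.255.0 198.51.100.0/255.255.255.0

# On the other shell hosts, list only the myisp.com range:
#sshd : 198.51.100.0/255.255.255.0

# ---- /etc/hosts.deny on shell1 (constructed example) ----

# hosts.allow is consulted first; a client that matched nothing there is
# refused here instead of falling through to the default of "granted".
sshd : ALL
```

These rules cover only daemons that consult the wrapper tables, which is the limit the reply describes: a second sshd started by a user on an unprivileged port is not governed by them.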

