Date: Mon, 6 Mar 2000 20:20:36 +0100 From: Harold Gutch <logix@foobar.franken.de> To: Alex Michlin <alex@delete.org>, freebsd-security@FreeBSD.ORG Subject: Re: Host Secured Logon Message-ID: <20000306202036.A24878@foobar.franken.de> In-Reply-To: <Pine.BSF.4.10.10003061312330.42706-100000@cx638115-b.sthngtn1.ct.home.com>; from Alex Michlin on Mon, Mar 06, 2000 at 01:15:06PM -0500 References: <Pine.BSF.4.10.10003061312330.42706-100000@cx638115-b.sthngtn1.ct.home.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Mar 06, 2000 at 01:15:06PM -0500, Alex Michlin wrote: > Hey all! > > Is there an easy way to secure shell accounts with the hostname of the > user (ie, only someone from *.anyisp.com can logon to shell1, and > *.myisp.com can logon to any shell)? (I'm assuming "shell" and "shell1" are two different machines, not two shells [as in tcsh, bash, ksh etc.]) Hostnames are in the hands of the DNS-administrator for this specific network. I'd rather setup limits based on IP-addresses. Both can be done using TCP-wrappers ("man 5 hosts_access") using /etc/hosts.allow and /etc/hosts.deny. You will only be able to tighten up your _own_ services like this; a user will always be able to login from a "trusted" host, install his own sshd on an unpriviliged port and then login from anywhere to _his_ sshd. > Also, is there any good resource where I can find which settings do what > in the /etc/login.conf? "man login.conf"? bye, Harold -- Someone should do a study to find out how many human life spans have been lost waiting for NT to reboot. Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000306202036.A24878>