Date:      Fri, 24 Sep 2004 21:50:51 +0100
From:      Terry <terry@mrtux.co.uk>
To:        freebsd-security@freebsd.org
Subject:   Re: ssh security
Message-ID:  <415488AB.2060803@mrtux.co.uk>
In-Reply-To: <20040923120103.5DD3116A517@hub.freebsd.org>
References:  <20040923120103.5DD3116A517@hub.freebsd.org>

Derek Ragona wrote:


>> I tried to implement a similar scheme in my hosts.allow on a FreeBSD 
>> 5.2.1 server.  But when I try to test it from an IP outside my LAN, it 
>> still allows ssh logins.  I even put in a line in hosts.allow to 
>> explicitly deny the IP I was ssh'ing from, but it still let me in.  
>> The behavior  gives the appearance that TCP wrappers are not enabled, 
>> and thus the /etc/hosts.allow file is ignored.
>>
>> Is there something I need to do to enable the wrappers in sshd?  I saw 
>> that there is a compile option for the portable source from 
>> openssh.org, so I wonder if there is some compile option that needs to 
>> be enabled in make.conf? 
>>
>> I have gone through the documentation for sshd_config, sshd, 
>> make.conf, etc. but am not finding anything to change.
>>
>>         -Derek
>>
>>         
>>
>> At 07:37 AM 9/19/2004, Terry wrote:
>>
>  
>
>>>> I had the same problem, so I set up hosts.allow to only allow access 
>>>> from certain IPs I require.
>>>> This has the effect of killing the connection from any other IP before 
>>>> getting to any login prompt.
>>>> Example below:
>>>> sshd : localhost : allow
>>>> sshd : 192.168.2. : allow
>>>> sshd : 82.41.115.213 : allow
>>>> sshd : 216.123.248.219 : allow  <-- public IP I wish to allow (of 
>>>> course I have changed it)
>>>> sshd : all : deny
>>>>
>>>> This then shows in the log instead of failed login attempts:
>>>>
>>>> dot.blah.co.uk refused connections:
>>>> Sep 17 22:11:55 dlt sshd[35669]: refused connect from 
>>>> usen-219x113x213x21.ap-US.usen.ad.jp (219.113.213.21)
>>>>
>>>> Regards Terry
>>
I read somewhere that the order is important. Have you tried it exactly as I 
posted, only changing the IPs to fit your setup?
My FreeBSD version is 4.10 and I made no other changes; I think TCP 
wrappers are on by default.
Terry
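The "order is important" point is the whole story with tcp_wrappers: libwrap walks hosts.allow top to bottom and the first rule whose daemon and client fields both match decides the connection, so an `sshd : ALL : deny` line only bites if nothing above it has already said allow. The stock FreeBSD /etc/hosts.allow opens with an `ALL : ALL : allow` line, which is exactly the kind of earlier match that makes every later deny dead. The simulator below is an added example written for this page, not code from the thread or from FreeBSD; it implements the first-match walk over Terry's rule set for a subset of hosts_access(5) syntax (daemon names or ALL; client patterns ALL, exact IPv4, trailing-dot prefix, leading-dot hostname suffix, and net/mask) and deliberately leaves out EXCEPT lists, shell commands and hosts.deny. The `localhost` handling, which matches 127.x addresses directly instead of relying on a reverse lookup, is a simplification of my own.

```python
"""First-match simulator for tcp_wrappers hosts.allow rules (IPv4 only).

Added example for illustration; not from the original thread or FreeBSD.
"""
import ipaddress

# Terry's rule set from the thread, embedded as constructed input.
TERRY_RULES = """
sshd : localhost : allow
sshd : 192.168.2. : allow
sshd : 82.41.115.213 : allow
sshd : 216.123.248.219 : allow
sshd : all : deny
"""

# The same rules with a catch-all allow at the top. The stock FreeBSD
# hosts.allow starts with such a line, so the sshd deny below never fires.
CATCHALL_FIRST = "ALL : ALL : allow\n" + TERRY_RULES


def parse_rules(text):
    """Return a list of (daemons, clients, option) tuples in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed rule: {raw!r}")
        daemons = fields[0].split()
        clients = fields[1].split()
        # A rule in hosts.allow with no option field grants access.
        option = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
        if option not in ("allow", "deny"):
            raise ValueError(f"unsupported option {option!r} in {raw!r}")
        rules.append((daemons, clients, option))
    return rules


def client_matches(pattern, ip, hostname=None):
    """Does one client pattern match the peer (IPv4 string, optional name)?"""
    pat = pattern.lower()
    if pat == "all":
        return True
    if pat.endswith("."):          # "192.168.2." = leading octets of the IP
        return ip.startswith(pat)
    if pat.startswith("."):        # ".example.com" = hostname suffix
        return hostname is not None and hostname.lower().endswith(pat)
    if "/" in pat:                 # "n.n.n.n/m.m.m.m" network/netmask form
        net, mask = pat.split("/", 1)
        network = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return ipaddress.ip_address(ip) in network
    if pat == "localhost":         # simplification: no reverse DNS here
        return ip.startswith("127.") or (hostname or "").lower() == "localhost"
    return pat == ip or (hostname is not None and pat == hostname.lower())


def decide(rules, daemon, ip, hostname=None):
    """First matching rule wins. Returns (decision, 1-based rule number).

    With no match at all libwrap grants access, reported as ("allow", None).
    """
    for lineno, (daemons, clients, option) in enumerate(rules, 1):
        if not any(d.lower() in ("all", daemon.lower()) for d in daemons):
            continue
        if any(client_matches(c, ip, hostname) for c in clients):
            return option, lineno
    return "allow", None


if __name__ == "__main__":
    peer = "219.113.213.21"   # the address refused in Terry's log excerpt
    print("Terry's order:   ", decide(parse_rules(TERRY_RULES), "sshd", peer))
    print("catch-all first: ", decide(parse_rules(CATCHALL_FIRST), "sshd", peer))
```

On the real host the equivalent check is `tcpdmatch sshd 219.113.213.21`, which prints the rule that libwrap would select for that daemon and client; if it reports a match on a line above your deny rule, that is the line to move or remove. Note also that a peer matching no rule is allowed, so a final `sshd : ALL : deny` is what actually closes the door.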
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?415488AB.2060803>