Date: 09 Nov 2002 14:24:31 -0700 From: Shane Hickey <shane@howsyournetwork.com> To: Shane Hickey <shane@howsyournetwork.com> Cc: freebsd-questions@freebsd.org Subject: Re: ssh with pam_access? Message-ID: <1036877071.17625.10.camel@devo.volumen.net> In-Reply-To: <1036871883.14532.60.camel@devo.volumen.net> References: <1036871883.14532.60.camel@devo.volumen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hmm... I sort of answered my own question, but that brought up a new question. Apparently, you can just specify sshd allow and deny statements in /etc/hosts.allow. I had always thought that this only worked for services spawned out of inetd? Now I see that inetd is running (even though I have all lines commented out in my /etc/inetd.conf) and it apparently has something to do with the -W flag? Can someone tell me how this magic works? Thanks, Shane On Sat, 2002-11-09 at 12:58, Shane Hickey wrote: > First, lemme say that I foolishly asked this in freebsd-newbies (because > I'm a freebsd newbie) but it turns out that it was the wrong forum. > Anyway, what are people using to only allow ssh from certain > addressees? I'm a recent FreeBSD convert, from Linux. In linuxland I > used both iptables and then I would edit /etc/pam.d/sshd and add this > line > > account required /lib/security/pam_access.so > > to enable the pam module that allowed me to specify hosts/networks in > /etc/security/access.conf. > > I'd rather not do tcp wrappers. Is there an equivalent way to do this > with pam in FreeBSD? I know about ipfilter and I'll be doing that, I > just like to have another layer. > > Thanks, > > Shane > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1036877071.17625.10.camel>