[TriLUG] Limit ssh access

Steven Blanchard sgblanch at email.unc.edu
Tue Jan 22 13:11:56 EST 2002


my default sshd on redhat 7.2, which starts through init.d honors the 
/etc/hosts.allow and /etc/hosts.deny files, so I can deny all:all and 
allow sshd:152.2. for instance

Kevin Hunter wrote:

> I'm seeing a lot of conflicting tips on the net on how to limit who
> can ssh into my linux ( RH 7.2 ) box.  Maybe it's my general level of
> inexperience, but there doesn't seem t/b a consensus on this.  I've
> read that I should use tcp_wrapper, and that I cannot use tcp_wrapper
> ( I start sshd through a rc.d script, not from inetd/xinetd ).  I've
> seen reference to use "AllowGroups/AllowUsers" in the sshd_config
> file and I've seen comments that you can't use this w/ any version of
> openssh after 1.2 ( I have openssh 2.9p2-7 ).
> 
> I would greatly appreciate a recommendation from one of the seasoned
> professionals on this list.
> 
> Does tcp_wrapper only work w/ daemons started w/in the inetd/xinetd
> framework, or will it work w/ other tcp services started from
> /etc/rc.d/init.d/ ??
> 
> Thx!!
> 
> KH
> 
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
> 





More information about the TriLUG mailing list