[clug] sshd ListenOnly

Kim Holburn kim.holburn at anu.edu.au
Tue Mar 29 00:25:03 GMT 2005


If you are going down the road of using other things apart from sshd 
itself then the best way would be to use iptables, much more secure and 
much finer control.

Kim

On 2005 Mar 28, , at 9:55 PM, david wrote:

> I liked Paul's suggestion, I read thru the man page but this
>
> http://closedsrc.org/dn-articles/hosts_allow.html
>
> was also very useful. It also has wider appeal :)
>
> thanks both Paul and Kim
>
> david
>
> Kim Holburn wrote:
>> from "man sshd_config":
>>      AllowUsers
>>              This keyword can be followed by a list of user name patterns,
>>              separated by spaces.  If specified, login is allowed only for
>>              user names that match one of the patterns.  `*' and `?' can be
>>              used as wildcards in the patterns.  Only user names are valid; a
>>              numerical user ID is not recognized.  By default, login is
>>              allowed for all users.  If the pattern takes the form USER@HOST
>>              then USER and HOST are separately checked, restricting logins to
>>              particular users from particular hosts.
>> So maybe:
>> AllowUsers *@hostname
>> AllowUsers *@192.168.0.2
>> On 2005 Mar 28, , at 7:56 PM, david wrote:
>>> Hi all
>>>
>>> I am wading thru sshd directives, can someone suggest a conf that 
>>> will make sshd respond only to a single ip or a subnet?
>>>
>>> tia
>>> -- 
>>> ----------------------------------------------------------------
>>> David Howe
>>> http://www.qednet.biz
>>> ----------------------------------------------------------------
>>>    |                                                           |
>>>    | Your mouse has moved.                                     |
>>>    | Windows must be restarted for the change to take effect.  |
>>>    |                                                           |
>>>    |                                                           |
>>>    |                                             +----+        |
>>>    |                                             | OK |        |
>>>    |                                             +----+        |
>>>    +-----------------------------------------------------------+
-- 
Kim Holburn
Network Manager,  National ICT Australia Ltd.
Ph: +61 2 61258620 M: +61 417820641 F: +61 2 6230 6121 aim://kimholburn
Email: kim.holburn at anu.edu.au  - PGP Public Key on request  
callto://kholburn
Cacert Root Cert: http://www.cacert.org/index.php?id=16 -> 
http://www.cacert.org/cacert.crt
Aust. Spam Act: To stop receiving mail from me: reply and let me know.

Use ISO 8601 dates [YYYY-MM-DD] 
http://www.saqqara.demon.co.uk/datefmt.htm
Democracy imposed from without is the severest form of tyranny.
                           -- Lloyd Biggle, Jr. Analog, Apr 1961
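
The iptables approach suggested at the top of this message, as an added example that is not part of the original thread: the script prints, rather than applies, rules that accept SSH only from listed IPv4 sources. The chain name SSH_IN, port 22 and the 192.168.0.0/24 subnet are assumptions; 192.168.0.2 is the address quoted in the thread.

```sh
#!/bin/sh
# Added example: print (do not apply) iptables commands that accept inbound
# SSH only from the listed IPv4 sources. SSH_IN and port 22 are assumptions.

# valid_source ADDR: succeed only for a dotted-quad IPv4 address with an
# optional /0-32 prefix, so nothing else can reach the generated commands.
valid_source() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_allow_rules SOURCE...: write the rule set to stdout; print nothing and
# return 1 if any source is malformed.
ssh_allow_rules() {
    [ $# -gt 0 ] || return 1
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -N SSH_IN"
    for src in "$@"; do
        echo "iptables -A SSH_IN -s $src -j ACCEPT"
    done
    echo "iptables -A SSH_IN -j DROP"
    # Hook the chain into INPUT last, so it is complete before it sees traffic.
    echo "iptables -I INPUT -p tcp --dport 22 -j SSH_IN"
}

# Constructed sample: the host from the thread plus an assumed /24 subnet.
ssh_allow_rules 192.168.0.2 192.168.0.0/24
```

Review the printed commands before running them as root, and keep an existing session open while testing so a mistake in the source list does not lock you out.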


