[clug] SSH attack
Michael Cohen
michael.cohen at netspeed.com.au
Mon Jul 25 22:43:18 GMT 2005
On Tue, Jul 26, 2005 at 02:26:35AM +1000, Steven Farlie wrote:
> >BTW: I've read the man page for 'sshd_config', and it seems pretty
> >sketchy to me on how to limit connections to sshd. All I found was:
> >=> AllowUsers USER at HOST
> >
> >Doesn't seem to understand limiting to subnets or denying from address
> >ranges, say like Apache... Did I get this right?
>
> Yep, that's about it. Most people should just set AllowUsers and enforce
> strong passwords on those. Subnet and address range blocking is usually
> best handled by firewalls.
Note that the usuall way for doing this is through
/etc/security/access.conf (at least on debian based distros). For
example:
+:mic:10.
says allow mic to logon from 10. netmask
Michael.
More information about the linux
mailing list