Provide SSH to someone w/ dynamic IP address {Scanned}
Mike Burger
mburger at bubbanfriends.org
Sat Sep 4 11:50:09 UTC 2004
On Sat, 4 Sep 2004, Volker Kindermann wrote:
> Hi,
>
> > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> > of IP addresses he is getting is so large, it will defeat the purpose of
> > blocking ssh because I would have to open up to so many ranges. Is there any
> > solution?
>
> it might be necessary to open port 22 for all ip-addresses.
>
> To lock it down, you may want to put the allowed ssh-users in a group (say ssh-users) and add "AllowGroups ssh-users" to your sshd_config.

Hmm... alternately, he could use TCPWrappers. In /etc/hosts.deny, add:

"sshd: ALL"

And in /etc/hosts.allow, add:

"sshd: put.ip.addr.here/put.net.mask.here"

Either way will require maintaining a list.

> Additionally you may want to disable password-login and allow only key-based login.

This is always an option, as I noted, too.

--
Mike Burger
http://www.bubbanfriends.org
Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org
To be notified of updates to the web site, visit
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a
message to:
site-update-request at bubbanfriends.org
with a message of:
subscribe
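
Added example, not part of the original message: a POSIX shell check that audits the measures discussed in this thread (AllowGroups, key-only login, and the hosts.deny/hosts.allow pair). The function names and sample files are constructed for illustration, and the parsing is deliberately simplified as noted in the comments.

```sh
#!/bin/sh
# Added example (not from the thread): audit the lockdown steps discussed.
# Upstream OpenSSH removed TCP Wrappers support in 6.7, so the hosts.allow
# and hosts.deny checks only matter where sshd is built with libwrap.

# First global value of an sshd_config keyword (keywords are case-insensitive,
# the first occurrence wins; parsing stops at the first Match block).
sshd_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Client list of the first rule whose daemon list is exactly "sshd"
# (simplification: IPv4-style entries, single-daemon rules only).
wrapper_clients() {
    awk -F: '
        /^[ \t]*#/ { next }
        { d = $1; gsub(/[ \t]/, "", d) }
        d == "sshd" { c = $2; gsub(/^[ \t]+|[ \t]+$/, "", c); print c; exit }
    ' "$1"
}

# audit_ssh_lockdown <sshd_config> <hosts.allow> <hosts.deny>
# Prints one line per failed check; the return status is the failure count.
audit_ssh_lockdown() {
    cfg=$1 allow=$2 deny=$3 fails=0
    [ -n "$(sshd_value "$cfg" AllowGroups)" ] ||
        { echo "FAIL: no AllowGroups in $cfg"; fails=$((fails + 1)); }
    [ "$(sshd_value "$cfg" PasswordAuthentication | tr A-Z a-z)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; fails=$((fails + 1)); }
    [ "$(wrapper_clients "$deny")" = ALL ] ||
        { echo "FAIL: $deny lacks 'sshd: ALL'"; fails=$((fails + 1)); }
    case "$(wrapper_clients "$allow")" in
        ""|ALL) echo "FAIL: $allow has no specific sshd client list"
                fails=$((fails + 1)) ;;
    esac
    return "$fails"
}

# Constructed sample files (192.0.2.0/24 is a documentation range).
write_sample() {
    printf 'AllowGroups ssh-users\nPasswordAuthentication no\n' > "$1/sshd_config"
    printf 'sshd: 192.0.2.0/255.255.255.0\n' > "$1/hosts.allow"
    printf 'sshd: ALL\n' > "$1/hosts.deny"
}
```

To run it against a live system, call audit_ssh_lockdown with /etc/ssh/sshd_config, /etc/hosts.allow and /etc/hosts.deny; on a running host, the effective settings can also be confirmed with sshd -T.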