Provide SSH to someone w/ dynamic IP address {Scanned}
Jerry Winegarden
jbw at duke.edu
Wed Sep 8 17:06:10 UTC 2004
On Sat, 4 Sep 2004, Mike Burger wrote:
> On Sat, 4 Sep 2004, Volker Kindermann wrote:
>
> > Hi,
> >
> > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far the range
> > > of ip addresses he is getting is so large, it will defeat the purpose to
> > > blocking ssh because I would have to open up to so many ranges. Is there any
> > > solution?
<snip>
> Hmm...alternately, he could use TCPWrappers. In /etc/hosts.deny, add:
>
> "sshd: ALL"
>
> And in /etc/hosts.allow, add:
sshd: remotesysname.dyndns.org
where your remote user has a dynamic dns registration (e.g. from
DYNDNS.ORG, thus "remotesysname.dyndns.org"), which can get updated on the
fly whenever the remote user changes IP numbers, if that remote user's home
router supports ddclient. (or use a linux box as router so it can).
Then, you don't have to open things up to a whole IP block.
--
***************************************************
.~. Jerry Winegarden
/ v \ OIT/Technical Support, Duke University
/( _ )\ jbw at duke.edu, http://www-jerry.oit.duke.edu
^ ^
***************************************************
More information about the redhat-list
mailing list