Provide SSH to someone w/ dynamic IP address {Scanned}
Reuben D. Budiardja
techlist at voyager.phys.utk.edu
Wed Sep 8 17:36:25 UTC 2004
On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote:
> On Sat, 4 Sep 2004, Mike Burger wrote:
> > On Sat, 4 Sep 2004, Volker Kindermann wrote:
> > > Hi,
> > >
> > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far
> > > > the range of ip addresses he is getting is so large, it will defeat
> > > > the purpose to blocking ssh because I would have to open up to so
> > > > many ranges. Is there any solution?
>
> <snip>
>
> > Hmm...alternately, he could use TCPWrappers. In /etc/hosts.deny, add:
> >
> > "sshd: ALL"
> >
> > And in /etc/hosts.allow, add:
>
> sshd: remotesysname.dyndns.org
I don't think that would work. If I understand thing correctly, if you have
domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see
if it match with anything in /etc/hosts.allow. This will give back the
dynamic name (ie xxxxxxdialup-xx.xx.comcast.com), not the name you register
with dyndns.org (no PTR record for that), and thus not match with in
/etc/hosts.allow.
Anyway, I tried it and it didn't work. Someone correct my explanation if I'm
wrong please.
RDB
--
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennesse, Knoxville, TN
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/M/MU/P/S d-(++) s: a-- C++(+++) UL++++ P-- L+++>++++ E- W+++
N+ o? K- w--- !O M- V? !PS !PE Y PGP- t+ 5 X R- tv+
b++>+++ DI D(+) G e++>++++ h+(*) r++ y->++++
------END GEEK CODE BLOCK------
More information about the redhat-list
mailing list