Provide SSH to someone w/ dynamic IP address {Scanned}

Reuben D. Budiardja techlist at voyager.phys.utk.edu
Wed Sep 8 17:36:25 UTC 2004


On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote:
> On Sat, 4 Sep 2004, Mike Burger wrote:
> > On Sat, 4 Sep 2004, Volker Kindermann wrote:
> > > Hi,
> > >
> > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far
> > > > the range of ip addresses he is getting is so large, it will defeat
> > > > the purpose to blocking ssh because I would have to open up to so
> > > > many ranges. Is there any solution?
>
> <snip>
>
> > Hmm...alternately, he could use TCPWrappers.  In /etc/hosts.deny, add:
> >
> > "sshd: ALL"
> >
> > And in /etc/hosts.allow, add:
>
> sshd: remotesysname.dyndns.org

I don't think that would work. If I understand things correctly, if you have a 
domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see 
if it matches anything in /etc/hosts.allow. This will give back the 
dynamic name (i.e. xxxxxxdialup-xx.xx.comcast.com), not the name you register 
with dyndns.org (no PTR record for that), and thus will not match anything in 
/etc/hosts.allow.

Anyway, I tried it and it didn't work. Someone correct my explanation if I'm 
wrong please.

RDB
-- 
Reuben D. Budiardja
Dept. Physics and Astronomy
University of Tennessee, Knoxville, TN

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GIT/M/MU/P/S d-(++) s: a-- C++(+++) UL++++ P-- L+++>++++ E- W+++ 
N+ o? K- w--- !O M- V? !PS !PE Y PGP- t+ 5 X R- tv+ 
b++>+++ DI D(+) G e++>++++ h+(*) r++ y->++++
------END GEEK CODE BLOCK------
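
The matching behaviour described in the message above, as an added example that is not part of the original post or of the tcp_wrappers source. It is a simplified model of the host matching documented in hosts_access(5); the ISP host name, the 203.0.113.17 address and all DNS records are constructed, and nothing is looked up on the network.

```python
# Simplified model of TCP Wrappers host matching (assumption: follows hosts_access(5)).
# All DNS data below is constructed for illustration; no real lookups happen.

PTR = {"203.0.113.17": "dialup-17.isp.example"}      # reverse zone, controlled by the ISP
A = {
    "dialup-17.isp.example": "203.0.113.17",
    "remotesysname.dyndns.org": "203.0.113.17",       # dynamic DNS: forward record only
}

def client_name(ip):
    """Name the wrapper sees: the PTR result, kept only if it resolves back to ip."""
    name = PTR.get(ip)
    if name is None:
        return "unknown"
    return name if A.get(name) == ip else "paranoid"

def pattern_matches(pattern, ip, name):
    """Match one hosts.allow / hosts.deny client pattern."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):                       # domain suffix, e.g. .isp.example
        return name.endswith(pattern)
    if pattern.endswith("."):                         # address prefix, e.g. 203.0.113.
        return ip.startswith(pattern)
    return pattern.lower() in (name.lower(), ip)      # exact host name or address

def sshd_allowed(ip, allow, deny):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    name = client_name(ip)
    if any(pattern_matches(p, ip, name) for p in allow):
        return True
    if any(pattern_matches(p, ip, name) for p in deny):
        return False
    return True

if __name__ == "__main__":
    ip = "203.0.113.17"
    deny = ["ALL"]                                    # "sshd: ALL" in /etc/hosts.deny
    for allow in (["remotesysname.dyndns.org"], ["dialup-17.isp.example"], [ip]):
        verdict = "allowed" if sshd_allowed(ip, allow, deny) else "denied"
        print(f"sshd: {allow[0]:<28} -> {verdict}")
```

In this model the dyndns.org entry is denied because the wrapper only ever sees the PTR name; an entry naming the PTR host or the current address matches.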




