Provide SSH to someone w/ dynamic IP address

Benjamin J. Weiss benjamin at Weiss.name
Thu Sep 9 01:14:35 UTC 2004


On Wed, 8 Sep 2004, Reuben D. Budiardja wrote:

> On Wednesday 08 September 2004 13:06, Jerry Winegarden wrote:
> > On Sat, 4 Sep 2004, Mike Burger wrote:
> > > On Sat, 4 Sep 2004, Volker Kindermann wrote:
> > > > Hi,
> > > >
> > > > > I'm willing to open up my box to a subnet xxx.xxx.xxx.0 but so far
> > > > > the range of ip addresses he is getting is so large, it will defeat
> > > > > the purpose to blocking ssh because I would have to open up to so
> > > > > many ranges. Is there any solution?
> >
> > <snip>
> >
> > > Hmm...alternately, he could use TCPWrappers.  In /etc/hosts.deny, add:
> > >
> > > "sshd: ALL"
> > >
> > > And in /etc/hosts.allow, add:
> >
> > sshd: remotesysname.dyndns.org
> 
> I don't think that would work. If I understand things correctly, if you have a 
> domain name in /etc/hosts.allow, tcpwrappers will do a reverse lookup to see 
> if it matches with anything in /etc/hosts.allow. This will give back the 
> dynamic name (i.e. xxxxxxdialup-xx.xx.comcast.com), not the name you register 
> with dyndns.org (no PTR record for that), and thus not match with anything in 
> /etc/hosts.allow.
> 
> Anyway, I tried it and it didn't work. Someone correct my explanation if I'm 
> wrong please.
> 

I think it would work if you pointed your nameserver entries in your 
/etc/resolv.conf file to the name servers of dyndns.org.  Then the 
reverse lookup *should* work, I think.

Ben
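
Added example, not part of the original thread and not tcpwrappers' own code: a small offline model of the name matching Reuben describes (reverse-resolve the client address, then compare the resulting name with the hosts.allow pattern), next to a forward address comparison for contrast. The DNS tables, the 203.0.113.x addresses, the isp.example names and all function names are constructed for illustration.

```python
# Constructed DNS data; nothing here queries a real resolver.
PTR = {"203.0.113.57": "dialup-57.isp.example"}      # reverse zone, published by the ISP
A = {
    "dialup-57.isp.example": {"203.0.113.57"},
    "remotesysname.dyndns.org": {"203.0.113.57"},    # forward record kept current by the dyndns client
}

def reverse_lookup(ip):
    """PTR lookup: the name the address owner published, or None if there is none."""
    return PTR.get(ip)

def name_pattern_matches(pattern, hostname):
    """Compare a hosts.allow-style host pattern with a client host name.
    A pattern with a leading dot matches any name ending in that suffix
    (see hosts_access(5)); otherwise the names must be equal, ignoring case."""
    if hostname is None:
        return False
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("."):
        return hostname.endswith(pattern)
    return hostname == pattern

def match_by_reverse_name(pattern, client_ip):
    """Behaviour described in the quoted reply: reverse-resolve, then compare names."""
    return name_pattern_matches(pattern, reverse_lookup(client_ip))

def match_by_forward_address(allowed_name, client_ip):
    """Contrast case (an assumption of this example): resolve the allowed
    name forward and compare the resulting addresses with the client's."""
    return client_ip in A.get(allowed_name, set())

def explain(pattern, client_ip):
    """Collect both results so the mismatch is visible side by side."""
    return {
        "client_ip": client_ip,
        "ptr_name": reverse_lookup(client_ip),
        "reverse_name_match": match_by_reverse_name(pattern, client_ip),
        "forward_address_match": match_by_forward_address(pattern, client_ip),
    }

if __name__ == "__main__":
    # ".isp.example" does match by reverse name, but it admits every
    # customer of that ISP, which is the wide opening the poster wants to avoid.
    for pat in ("remotesysname.dyndns.org", ".isp.example"):
        print(pat, explain(pat, "203.0.113.57"))
```

The first pattern fails the reverse-name comparison even though its forward record points at the client, because the PTR record belongs to the ISP's reverse zone rather than to the dyndns.org name.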




