
Re: configure ssh-access



klaus@came.sbg.ac.at wrote:

Hi!

I want to make ssh-access possible only from a restricted
number of hosts - those that are named in /etc/hosts.allow.
Users who want to login have a DynDNS host-name that shall
be listed in hosts.allow to make it possible for users with
a dial-up internet connection, too.

BUT:
The problem is that I can only login to the ssh-machine
when I enter the IP-address to the hosts.allow file.
Specifying the host's DNS name does not work!

AND:
I'd prefer to specify the rules for logging into the machine
in the sshd_config file, not in hosts.allow/deny.
But the AllowHosts/DenyHosts options that could be used in
/etc/sshd_config earlier seem to be no longer available in
the SSH version I'm using. It's: openssh-3.4p1-80 on a SuSE 8.1

Does anybody have ideas on these 2 problems?

thx in advance,
Klaus



Hi.
I use this line:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ssh.deny.login onerr=succeed
in /etc/pam.d/ssh
I then restrict the users that I define in ssh.deny.login from logging in.
Maybe you can tweak it a bit and have a script get updated IP addresses for your hosts? I don't know if PAM can make use of it, just a suggestion.
Kenneth
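
An added example, not part of the original thread or either poster's setup: one way to do the script Kenneth suggests, resolving each DynDNS name to its current address and rewriting a generated block of IP-based sshd rules in hosts.allow, the form Klaus reports as working. The marker comments, the names file and the function names are assumptions of this example, and it assumes sshd is otherwise denied in hosts.deny.

```shell
#!/bin/sh
# Added example: keep a generated "sshd:" block in hosts.allow in step with DynDNS names.
# The marker strings and both file arguments are assumptions of this example.
BEGIN_MARK='# BEGIN dyndns-sshd (generated)'
END_MARK='# END dyndns-sshd (generated)'

# Resolve one name to IPv4 addresses, one per line, through the system resolver.
resolve_host() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Accept only dotted-quad IPv4 so a resolver answer can never add wildcard patterns.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1; exit 0 }
        { exit 1 }'
}

# Print a comment line and an "sshd: <ip>" rule for each address of each listed name.
# The name goes on its own comment line: text after the colon is read as client patterns.
render_rules() {
    while read -r name rest; do
        case "$name" in ''|'#'*) continue ;; esac
        for ip in $(resolve_host "$name"); do
            if is_ipv4 "$ip"; then
                printf '# %s\nsshd: %s\n' "$name" "$ip"
            fi
        done
    done < "$1"
}

# Replace the generated block in the hosts.allow file ($2) using the names file ($1).
update_hosts_allow() {
    rules=$(render_rules "$1")
    # Refuse to write an empty block: a DNS outage must not lock every user out.
    [ -n "$rules" ] || { echo "no names resolved; $2 left unchanged" >&2; return 1; }
    tmp=$(mktemp "$2.XXXXXX") || return 1
    # Copy everything outside the old block, then append the fresh one.
    awk -v b="$BEGIN_MARK" -v e="$END_MARK" \
        '$0 == b { skip = 1 } !skip { print } $0 == e { skip = 0 }' "$2" > "$tmp"
    printf '%s\n%s\n%s\n' "$BEGIN_MARK" "$rules" "$END_MARK" >> "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$2"   # same directory, so the rename is atomic
}

# Run as: script <names-file> <hosts.allow-file>, for example from cron.
if [ "$#" -eq 2 ]; then
    update_hosts_allow "$1" "$2"
fi
```

An address stays allowed until the next run, so the cron interval bounds how long a dial-up user's previous address remains in the file after it has been reassigned.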



