Re: Fedora's SSH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 23 Feb 2004 23:39:35 -0500
James Drabb <JDrabb@xxxxxxxxxxxxxxx> wrote:

> On Mon, 2004-02-23 at 23:02, Vincent wrote:
> > On Mon, 23 Feb 2004 22:12:20 -0500
> > James Drabb <JDrabb@xxxxxxxxxxxxxxx> wrote:
> > 
> > > Do I need to do anything special to allow hosts outside of my home
> > > network to SSH in?  I am running SSH on port 21 and have opened port 21
> > > on my Linksys router/firewall.  However, I cannot connect from my work
> > > to home.  I am using port 21 because the silly MS Admins where I work
> > > have port 22 blocked, yet they allow telnet.
> > > 
> > > I can ssh on my home computer using my public IP and it connects just
> > > fine.  Do I need to add entries to /etc/hosts.allow?
> > 
> > Maybe. append 
> > sshd: 168.1.1.1.1 sect.mydomain.com 
> > or sshd: ALL
> > to your hosts.allow file, plus double check iptables.
> > If when you try to connect the response is 'connection refused' most likely
> > its a tcp wrap problem.
> 
> I though tcp wrappers was only used on xinetd started apps?  I run SSH
> standalone on startup.

Not exactly, xinitd has its own host based access controls so applications
need not worry about compiling in support. xinitd.conf is where AC's are put in.
libwrap (tcpwrappers) is a library that can be compiled into any application.
#ifdef USE_LIBWRAP
#include <tcpd.h>

so the equivilant to ALL:ALL in /etc/hosts.deny is 'no_access = 0.0.0.0' in /etc/xinitd.conf

> 
> I put the sshd: ALL entry into hosts.all and will give it a shot
> tomorrow.
> 
> Thanks,
> 
> Jim Drabb

Attachment: pgpxSs3JvxoVO.pgp
Description: PGP signature


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux