Fedora Users — Re: How can I block IP address range with sshd

Re: How can I block IP address range with sshd_config

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

Subject: Re: How can I block IP address range with sshd_config

From: Mike Klinke <lsomike@xxxxxxxxxx>

Date: Tue, 27 Jul 2004 11:37:38 -0500

In-reply-to: <[email protected]>

References: <[email protected]>

Reply-to: lsomike@xxxxxxxxxx, For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

User-agent: KMail/1.5.4

On Tuesday 27 July 2004 11:12, Michael Sullivan wrote:

> I looked through the man page for sshd_config for a way to block
> their IP, but I couldn't find it.  Does anyone here know how to do
> this?

Another option in addition to all the other good advice you've been 
sent is to use sshd via xinetd and you can restrict access to 
specific IP addresses/ranges, times of day, connection frequeceny and  
the other options listed in "man xinetd.conf".  A typical 
configuration to limit access to the 192.168.1.0 network would look 
something like:

service ssh
{
        disable = no
        socket_type = stream
        type = UNLISTED
        port = 22
        protocol = tcp
        wait = no
        user = root
        server = /usr/sbin/sshd
        server_args = -i -u0
        only_from = 192.168.1.0 
}

Regards,  Mike Klinke