On Tue, 2004-07-27 at 12:43, Michael Sullivan wrote: > I've been reading over the hosts.deny man page to get some ideas, but > I'm unclear on how to implement them. I know what I want to do, but I > don't know how to do it. I want to allow all connections from my five > users, those being acsacx, amy, michael, wayne and zack, unless those > requests come from 211.182.241.* These acceptable accounts will likely > only log in through ssh. I want to deny 211.182.241.* unconditonally. > Can anyone give me an example of a hosts.allow/hosts.deny setup that > would do this? Add the following to your /etc/hosts.deny file: sshd : 211.182.241. (note the trailing dot - it is needed) - or - sshd : 211.182.241.0/255.255.255.0 Stay away from user level stuff in the hosts.allow and hosts.deny files. They should really only be used for host level verification. You may or may not need to restart sshd using the following: service sshd restart This will have sshd unconditionally drop anything coming from the one network. --Rob
