On Tue, 2004-07-27 at 11:43, Michael Sullivan wrote:
> I've been reading over the hosts.deny man page to get some ideas, but
> I'm unclear on how to implement them. I know what I want to do, but I
> don't know how to do it. I want to allow all connections from my five
> users, those being acsacx, amy, michael, wayne and zack, unless those
> requests come from 211.182.241.* These acceptable accounts will likely
> only log in through ssh. I want to deny 211.182.241.* unconditionally.
> Can anyone give me an example of a hosts.allow/hosts.deny setup that
> would do this?
>

ALL: 211.182.241.0/255.255.255.0

(I believe there are other working syntaxes for the line as well.)

put into the hosts.deny file would deny all access to hosts in the range you listed for all services that use tcp wrappers for access control, and would leave all other access unrestricted.

IMHO a simpler and better way would be to use a rule in iptables that would deny access to all hosts in that range. It then applies to all connection attempts, not just those using tcp wrappers.

> > On Tue, 2004-07-27 at 11:12, Michael Sullivan wrote:
> > The kiddies using their script file to try to hack into my systems
> > through sshd using accounts guest and test tried again yesterday. This
> > morning I opened up the man page for sshd_config in Konqueror (the
> > colour coding is very nice) and discovered how I could deny access
> > through ssh from all accounts except the accounts that might use it
> > (this excludes guest and test). The other day I went in to each of the
> > user accounts and modified their .bashrc file so that when they log in
> > it asks them to change their password and boot them out. This will work
> > for now because for now the enemy script is only trying to inquire about
> > the nonexistent guest and test accounts. The IP addresses they try to
> > log in from vary slightly, but for the most part I think the first three
> > octets are the same. I looked through the man page for sshd_config for
> > a way to block their IP, but I couldn't find it. Does anyone here know
> > how to do this?
>

The AllowUsers option in the /etc/ssh/sshd_config file can be used to explicitly specify a list of those users who can use ssh. (If used, NO other users can connect with ssh.) You also can specify connection with a key and a passphrase if you wish to better control authorized access.

man sshd_config is your friend, as well as reading the comments in the default /etc/ssh/sshd_config file.
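
Added example, not part of the original message: a small Python model of the hosts_access(5) search order (hosts.allow first, then hosts.deny, otherwise allow) applied to the hosts.deny line from the reply above. The function names and test addresses are made up for illustration, and only IPv4 patterns of the forms `ALL`, `net/mask`, a leading-octets prefix and an exact address are handled.

```python
import ipaddress

# The deny line is the one given in the reply above; hosts.allow is empty
# because the reply does not use it.
HOSTS_ALLOW = ""
HOSTS_DENY = "ALL: 211.182.241.0/255.255.255.0\n"


def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts_access-style text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, addr):
    """Match one client pattern against an IPv4Address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask: matches when (addr AND mask) == net
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return (int(addr) & mask) == net
    if pattern.endswith("."):  # leading-octets form, e.g. "211.182.241."
        return str(addr).startswith(pattern)
    return pattern == str(addr)


def rule_hit(text, daemon, addr):
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr) for c in clients)
        for daemons, clients in parse_rules(text)
    )


def is_allowed(daemon, client_ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    addr = ipaddress.IPv4Address(client_ip)
    if rule_hit(allow, daemon, addr):
        return True
    return not rule_hit(deny, daemon, addr)


if __name__ == "__main__":
    for ip in ("211.182.241.17", "211.182.242.17"):  # constructed addresses
        print(ip, "allowed" if is_allowed("sshd", ip) else "denied")
```

Because hosts.allow is consulted first, any matching entry there overrides the deny line, so an unconditional block of the range requires that hosts.allow contain nothing that matches it.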