Re: More SSH 'trolling'

One more lockdown on ssh I have not seen mentioned recently
is /etc/hosts.allow and /etc/hosts.deny.  The sshd uses these.
If you have some idea of where people will be ssh'ing from, you
can limit the IP ranges, or domain names, which can get in.
If you don't match the list, you never even get to the login
prompt.  For example, my home ssh only allows the IP address of
my machine at work to get a login prompt.

Note that sshd (and tcpwrappers) looks at hosts.allow first and if
it gets a thumbs up you get a login prompt.  It then looks at
hosts.deny.  If you are not covered by this list, YOU GET IN!
You probably want a hosts.deny file that reads:

ALL: ALL

That blocks everything except what is in hosts.allow.

If you have a lot of people coming in from very diverse IP addresses,
you could play the reverse game and use the hosts.deny to just block
the IP ranges you see trolling.  Lots of flexibility here.  Breaking in
to ssh is even harder when you can't get a login prompt.

Robert E. Styma
Principal Engineer (DMTS)
Lucent Technologies, Phoenix
Email: stymar@xxxxxxxxxx
Phone: 623-582-7323
FAX:   623-581-4390
Company:  http://www.lucent.com
Personal: http://www.swlink.net/~styma
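The evaluation order described in the post (hosts.allow first, then hosts.deny, and access granted when neither file matches) is what makes an empty hosts.deny dangerous. The script below is an added illustration, not code from the post or from tcp_wrappers itself: it is a small shell simulator of that hosts_access(5) decision order, handling only the "ALL" keyword, exact IPv4 addresses and trailing-dot network prefixes such as "198.51.100.", and it runs the three configurations the post discusses against constructed client addresses from the documentation ranges (203.0.113.5 stands in for the "machine at work"). One caveat for anyone applying this today: portable OpenSSH dropped its built-in libwrap support in release 6.7, so on a distribution without a vendor patch sshd no longer consults these files at all and the check has to move to a firewall rule or to sshd's own Match blocks.

```shell
#!/bin/sh
# Added example, not from the original post: a simulator of the
# hosts_access(5) decision order that the post describes for tcp_wrappers:
#   1. a matching line in hosts.allow  -> access granted (stop)
#   2. a matching line in hosts.deny   -> access denied  (stop)
#   3. no match in either file         -> access GRANTED
# Only a subset of the real pattern language is handled: "ALL", an exact
# IPv4 address, and a network prefix written with a trailing dot such as
# "198.51.100.".  Lines have the two-field form "daemon_list : client_list";
# comments (#) and blank lines are skipped.  Real sshd asks libwrap, not this.

# match_pattern PATTERN VALUE -> status 0 if PATTERN matches VALUE
match_pattern() {
    m_pat=$1; m_value=$2
    case "$m_pat" in
        ALL) return 0 ;;
        *.)  case "$m_value" in "$m_pat"*) return 0 ;; esac ;;  # prefix match
    esac
    [ "$m_pat" = "$m_value" ]
}

# list_matches "a, b c" VALUE -> status 0 if any comma/blank separated token matches
list_matches() {
    l_list=$1; l_value=$2
    for l_tok in $(printf '%s' "$l_list" | tr ',' ' '); do
        if match_pattern "$l_tok" "$l_value"; then return 0; fi
    done
    return 1
}

# file_matches FILE DAEMON CLIENT_IP -> status 0 if some line in FILE matches
# (a missing file matches nothing; lines must end with a newline)
file_matches() {
    f_file=$1; f_daemon=$2; f_ip=$3
    [ -f "$f_file" ] || return 1
    while IFS= read -r f_line; do
        f_line=${f_line%%#*}                       # strip comments
        case "$f_line" in *:*) ;; *) continue ;; esac
        f_daemons=${f_line%%:*}
        f_clients=${f_line#*:}
        if list_matches "$f_daemons" "$f_daemon" && list_matches "$f_clients" "$f_ip"; then
            return 0
        fi
    done < "$f_file"
    return 1
}

# hosts_access DAEMON CLIENT_IP ALLOW_FILE DENY_FILE
# Prints "allow" or "deny"; exit status 0 for allow, 1 for deny.
hosts_access() {
    h_daemon=$1; h_ip=$2; h_allow=$3; h_deny=$4
    if file_matches "$h_allow" "$h_daemon" "$h_ip"; then echo allow; return 0; fi
    if file_matches "$h_deny"  "$h_daemon" "$h_ip"; then echo deny;  return 1; fi
    echo allow; return 0      # nothing matched: tcp_wrappers lets the client in
}

# Demo with constructed addresses from the documentation ranges (not real hosts):
# 203.0.113.5 plays the "machine at work", 198.51.100.7 an unknown client.
show() { printf '%-48s %s\n' "$1" "$(hosts_access "$2" "$3" "$4" "$5")"; }
d=$(mktemp -d)
printf 'sshd: 203.0.113.5\n' > "$d/hosts.allow"
: > "$d/hosts.deny"                               # empty deny file: the pitfall
show 'empty hosts.deny, unknown client:'        sshd 198.51.100.7 "$d/hosts.allow" "$d/hosts.deny"
printf 'ALL: ALL\n' > "$d/hosts.deny"            # the fix the post recommends
show 'ALL: ALL in hosts.deny, unknown client:'  sshd 198.51.100.7 "$d/hosts.allow" "$d/hosts.deny"
show 'ALL: ALL in hosts.deny, work client:'     sshd 203.0.113.5  "$d/hosts.allow" "$d/hosts.deny"
: > "$d/hosts.allow"                              # the "reverse game": deny one range only
printf 'sshd: 198.51.100.\n' > "$d/hosts.deny"
show 'deny-list only, client in blocked range:'  sshd 198.51.100.7 "$d/hosts.allow" "$d/hosts.deny"
show 'deny-list only, client elsewhere:'         sshd 192.0.2.9    "$d/hosts.allow" "$d/hosts.deny"
rm -rf "$d"
```

The first line of the demo output is the one to remember: with an entry in hosts.allow but nothing in hosts.deny, the unknown client is allowed, exactly the "YOU GET IN" case; adding `ALL: ALL` to hosts.deny flips that verdict while the listed work address still gets through. The simulator deliberately ignores the optional third field (shell commands, `allow`/`deny` keywords) and hostname patterns, so treat it as a reading aid for the man page rather than a replacement for testing the real files with tcpdmatch.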
