On Thu, 2007-08-16 at 17:41 -0400, Michael Klinosky wrote: > Knute: > > 200.100.0.0/16 or 200.100.0.0/255.255.0.0 > > So, would this line work in sshd_config? > ListenAddress 200.100.0.0/255.255.0.0 > > I want to check before I go to that remote computer and try logging in > (it's more than an hour drive). If you only want to allow incoming ssh sessions from that address block, use iptables and insert a rule: -A INPUT -p tcp -m tcp -s 200.100.0.0/16 --sync --dport 22 -j ACCEPT and make sure the last rule is something like: -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK,FIN,RST SYN -j DROP to drop any other connection attempts other than the ones allowed above it. Personally, I wouldn't open ssh to such a wide IP range (a /16 is pretty damned big), and if I did, I'd sure put in a "you get X attempts, and then I block you" rule. ---------------------------------------------------------------------- - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - - CDN Systems, Internap, Inc. http://www.internap.com - - - - "Do you suffer from long-term memory loss?" "I don't remember" - - -- Chumbawumba, "Amnesia" (TubThumping) - ----------------------------------------------------------------------
