[Devil-Linux-discuss] Re: TCP Wrappers in DL ?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> >  >You can specify this in the sshd_config file.
> >  >For all other restrictions you should use firewall rules
> >  >(iptables/netfilter), those are much more secure and allow you much more
> >  >control.
> >  >
> >  >Heiko
> > 
> > How do you limit access according to login name with iptables rules?
> > For example root can only login from 192.XXX.YYY.ZZZ?
> 
> You can't specify users in iptables rules, but you can in sshd_config,
> and you can limit users to certain IP addresses or host names.  i.e.:
> 
> 
> AllowUsers bruce tim ro...@ho... root@192.168.1.1
> 
> 
> Which means "bruce" & "tim" can login from anywhere, 
> root can only login from these hosts:  host.mydomain.com & 192.168.1.1  
> and NOBODY ELSE CAN LOGIN via ssh AT ALL.
> 
>  - BS

that only fixes the problem for ssh. The advantage of tcp wrappers is that you 
have only one file to edit. Not all config files for ftp, SQL and etc..

I was thinking of why tcp wrapper isn't in devil-linux, I thought that there 
was a another way to limit access for login names. To edit multiple config 
files everytime there is a new user isn't very handy.

Jonathan Gustafson