From: Jonathan G. <jon...@ze...> - 2004-09-18 08:56:33
> > >You can specify this in the sshd_config file.
> > >For all other restrictions you should use firewall rules
> > >(iptables/netfilter), those are much more secure and allow you much more
> > >control.
> > >
> > >Heiko
> >
> > How do you limit access according to login name with iptables rules?
> > For example root can only login from 192.XXX.YYY.ZZZ?
>
> You can't specify users in iptables rules, but you can in sshd_config,
> and you can limit users to certain IP addresses or host names. i.e.:
>
>
> AllowUsers bruce tim ro...@ho... root@192.168.1.1
>
>
> Which means "bruce" & "tim" can login from anywhere,
> root can only login from these hosts: host.mydomain.com & 192.168.1.1
> and NOBODY ELSE CAN LOGIN via ssh AT ALL.
>
> - BS

That only fixes the problem for ssh. The advantage of tcp wrappers is that you have only one file to edit. Not all config files for ftp, SQL, etc. I was thinking of why tcp wrapper isn't in devil-linux; I thought that there was another way to limit access for login names. To edit multiple config files every time there is a new user isn't very handy.

Jonathan Gustafson
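A simplified model of how an AllowUsers line like the one quoted above is evaluated, added here as an illustration and not taken from the thread or from OpenSSH's source. It assumes the elided root entry names host.mydomain.com, as the quoted explanation says; the function names and sample clients are constructed, and negated patterns, DenyUsers and the group directives are not modelled.

```python
import ipaddress
import re

def _wild(pattern, value):
    """sshd-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def _host_ok(pattern, hostname, addr):
    """HOST part may match the client's resolved name, its address, or a CIDR block."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return _wild(pattern.lower(), hostname.lower()) or _wild(pattern, addr)

def allowed(allow_users, user, hostname, addr):
    """True if (user, client) passes the AllowUsers value; empty value = no restriction."""
    entries = allow_users.split()
    if not entries:
        return True                      # directive absent: everyone passes this check
    for entry in entries:
        u, sep, h = entry.rpartition("@")
        if not sep:                      # bare USER entry: any client host
            u, h = entry, None
        if _wild(u, user) and (h is None or _host_ok(h, hostname, addr)):
            return True
    return False                         # not listed: denied (the "nobody else" case)

# Constructed line modelled on the one quoted in the message.
LINE = "bruce tim root@host.mydomain.com root@192.168.1.1"

if __name__ == "__main__":
    clients = [("bruce", "anywhere.example.net", "203.0.113.7"),
               ("root", "host.mydomain.com", "192.168.1.20"),
               ("root", "unknown", "192.168.1.1"),
               ("root", "anywhere.example.net", "203.0.113.7"),
               ("alice", "host.mydomain.com", "192.168.1.1")]
    for who in clients:
        print(who, "->", "allow" if allowed(LINE, *who) else "deny")
```

Host-name entries only match when the server resolves the client's name, so address or CIDR entries are the more dependable form for an account such as root.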