From: Heiko Z. <hz...@pr...> - 2003-08-06 12:32:10

Hey Taco,

On 08/06/2003 05:28:17 AM "Taco Scargo" wrote:

>Is it me, or am I missing TCP Wrappers in DL ?

No you didn't miss it, it's not there.

>I would like to use TCP Wrappers to limit access to ssh (and other)
>services, but it seems that DL has no TCP Wrapper support ...

You can specify this in the sshd_config file.
For all other restrictions you should use firewall rules
(iptables/netfilter), those are much more secure and allow you much more
control.

Heiko

From: Jonathan G. <jon...@ze...> - 2004-09-17 13:13:05

>Hey Taco,
>On 08/06/2003 05:28:17 AM "Taco Scargo" wrote:
>
>Is it me, or am I missing TCP Wrappers in DL ?
>
>No you didn't miss it, it's not there.
>
>>I would like to use TCP Wrappers to limit access to ssh (and other)
>>services, but it seems that DL has no TCP Wrapper support ...
>
>You can specify this in the sshd_config file.
>For all other restrictions you should use firewall rules
>(iptables/netfilter), those are much more secure and allow you much more
>control.
>
>Heiko

How do you limit access according to login name with iptables rules?
For example root can only login from 192.XXX.YYY.ZZZ?

Jonathan Gustafson

From: Bruce S. <bw...@ar...> - 2004-09-17 14:02:18

> >You can specify this in the sshd_config file.
> >For all other restrictions you should use firewall rules
> >(iptables/netfilter), those are much more secure and allow you much more
> >control.
> >
> >Heiko
>
> How do you limit access according to login name with iptables rules?
> For example root can only login from 192.XXX.YYY.ZZZ?

You can't specify users in iptables rules, but you can in sshd_config,
and you can limit users to certain IP addresses or host names. i.e.:

AllowUsers bruce tim ro...@ho... root@192.168.1.1

Which means "bruce" & "tim" can login from anywhere,
root can only login from these hosts: host.mydomain.com & 192.168.1.1
and NOBODY ELSE CAN LOGIN via ssh AT ALL.

- BS

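The AllowUsers behaviour described in the message above, as an added example that is not part of the original post: a simplified Python model (not OpenSSH's own code) of how a space-separated pattern list with optional USER@HOST entries decides a login. The directive string, the hostname admin.example.com and the login attempts are constructed; negated patterns are not modelled, and the hostname is assumed to be the name sshd resolved for the client.

```python
import ipaddress
import re

def _glob(pattern, value):
    """sshd-style wildcards: '*' is any run of characters, '?' is exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def _host_matches(pattern, addr, hostname):
    """Host part may be a CIDR block, an address pattern or a hostname pattern."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    if _glob(pattern, addr):
        return True
    return hostname is not None and _glob(pattern.lower(), hostname.lower())

def allowed(allow_users, user, addr, hostname=None):
    """True if (user, source) matches any AllowUsers pattern, otherwise deny."""
    for pattern in allow_users.split():
        user_pat, sep, host_pat = pattern.partition("@")
        if not _glob(user_pat, user):
            continue
        if not sep or _host_matches(host_pat, addr, hostname):
            return True
    return False  # an AllowUsers list is exclusive: no match means no login

# Constructed directive and login attempts (illustrative values only).
ALLOW_USERS = "bruce tim root@admin.example.com root@192.168.1.1"
ATTEMPTS = [
    ("bruce", "203.0.113.7", None),                  # unrestricted user
    ("root", "192.168.1.1", None),                   # root from the listed address
    ("root", "198.51.100.9", "admin.example.com"),   # root from the listed host
    ("root", "203.0.113.7", None),                   # root from elsewhere
    ("jonathan", "192.168.1.1", None),               # user not listed at all
]

def audit(allow_users, attempts):
    """Evaluate each (user, addr, hostname) attempt against the directive."""
    return [(u, a, allowed(allow_users, u, a, h)) for u, a, h in attempts]

if __name__ == "__main__":
    for user, addr, ok in audit(ALLOW_USERS, ATTEMPTS):
        print(f"{user:9} from {addr:15} -> {'allow' if ok else 'deny'}")
```
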
From: Jonathan G. <jon...@ze...> - 2004-09-18 08:56:33

> > >You can specify this in the sshd_config file.
> > >For all other restrictions you should use firewall rules
> > >(iptables/netfilter), those are much more secure and allow you much more
> > >control.
> > >
> > >Heiko
> >
> > How do you limit access according to login name with iptables rules?
> > For example root can only login from 192.XXX.YYY.ZZZ?
>
> You can't specify users in iptables rules, but you can in sshd_config,
> and you can limit users to certain IP addresses or host names. i.e.:
>
>
> AllowUsers bruce tim ro...@ho... root@192.168.1.1
>
>
> Which means "bruce" & "tim" can login from anywhere,
> root can only login from these hosts: host.mydomain.com & 192.168.1.1
> and NOBODY ELSE CAN LOGIN via ssh AT ALL.
>
> - BS

That only fixes the problem for ssh. The advantage of tcp wrappers is that
you have only one file to edit. Not all config files for ftp, SQL and etc.
I was thinking of why tcp wrapper isn't in devil-linux, I thought that there
was another way to limit access for login names. To edit multiple config
files every time there is a new user isn't very handy.

Jonathan Gustafson