Re: [Fed-Talk] TCP Wrappers
- Subject: Re: [Fed-Talk] TCP Wrappers
- From: Allan Marcus <email@hidden>
- Date: Mon, 30 Mar 2009 11:49:14 -0600
In your sshd_config file you can add the networking as well as a
username to the AllowUsers:
AllowUsers email@hidden
You can use wildcards:
AllowUsers allan@*.mycompany.com allan@*.yourcompany.com
You might even be able to use:
AllowUsers allan joe *.mycompany.com
This would allow allan and joe to ssh in from any computer in the
mycompany.com domain. I'm not sure about this one.
---
Thanks,
Allan Marcus
505-667-5666
On Mar 27, 2009, at 11:06 AM, Jerry Roy wrote:
I have a 10.5.6 desktop system attached to the DREN and it gets
hammered every night by brute force ssh attacks. I’ve edited the
sshd_config to enable login only by two local users and have
hosts.allow edited to include several networks from which the two
users might approach. Hosts.deny is fully populated yet access to
the machine is disallowed upon authentication...that is to say
TCPwrappers is not functioning properly. My
/System/Library/LaunchDaemons/ssh.plist is as follows:
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.openssh.sshd</string>
<key>Program</key>
<string>/usr/libexec/tcpd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/sshd-keygen-wrapper</string>
<string>-i</string>
<snip>
Can someone help me identify what I’m missing on this box? The
exact same config works as expected on all my other boxes.
BR
Jerry
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
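Added example (not part of either message, and not OpenSSH code): a simplified Python model of AllowUsers matching as sshd_config(5) documents it, where an entry without '@' is a user-name pattern and a USER@HOST entry has its two halves checked separately. It handles only the '*' and '?' wildcards and leaves out negated patterns and address matching; the function names, the PER_USER line and the client hosts are constructed for illustration.

```python
import re

def glob_match(pattern: str, value: str) -> bool:
    """sshd-style pattern: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.S) is not None

def entry_allows(entry: str, user: str, host: str) -> bool:
    """One AllowUsers entry: a USER pattern, or USER@HOST checked separately."""
    user_pat, at, host_pat = entry.partition("@")
    if not at:
        # No '@': the whole entry is a user-name pattern; the host is not consulted.
        return glob_match(entry, user)
    # Host names compare case-insensitively; user names do not.
    return glob_match(user_pat, user) and glob_match(host_pat.lower(), host.lower())

def allow_users(directive: str, user: str, host: str) -> bool:
    """True if any entry on an 'AllowUsers ...' line admits user@host."""
    keyword, *entries = directive.split()
    if keyword.lower() != "allowusers":
        raise ValueError("not an AllowUsers line")
    return any(entry_allows(e, user, host) for e in entries)

# Two lines from the message above, plus one constructed variant (PER_USER)
# that ties each user to the domain explicitly.
WILDCARD = "AllowUsers allan@*.mycompany.com allan@*.yourcompany.com"
MIXED = "AllowUsers allan joe *.mycompany.com"
PER_USER = "AllowUsers allan@*.mycompany.com joe@*.mycompany.com"

if __name__ == "__main__":
    # Constructed client hosts; "ws1" and "elsewhere.example.net" are made up.
    for line in (WILDCARD, MIXED, PER_USER):
        for user, host in (("allan", "ws1.mycompany.com"),
                           ("joe", "ws1.mycompany.com"),
                           ("joe", "elsewhere.example.net")):
            verdict = allow_users(line, user, host)
            print(f"{line!r:60} {user}@{host:24} -> {verdict}")
```

In this model the bare entries in MIXED admit allan and joe from any host, and "*.mycompany.com" is compared only against the login name, so host restrictions need the USER@HOST form shown in PER_USER.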