[HPADM] Re: Restricted IP for SSH connections

From: Eric Berg (eberg@siac.com)
Date: Tue Feb 22 2005 - 10:31:07 EST


tcp_wrappers is just right for this. It'll allow you to specify specific
hosts/ranges/users to allow to access services on a host.

A line like this in /etc/hosts.allow would restrict access to just your
192.168.0 hosts:

sshd: 192.168.0.0/255.255.255.0

You may also need to specify the default stance for tcp_wrappers, which
should be to deny everything that is not explicitly allowed. There are
some differences in which config files are required between versions of
tcp_wrappers, but generally, an entry like the following in /etc/hosts.deny
will do this:

ALL: ALL

-Eric.

Eric Berg
SIAC Unix System Support

From: jy torres <john_yves_torres@yahoo.com>
Sent by: hpux-admin-owner@dutchworks.nl
Date: 02/21/2005 11:45 AM
To: hpux-admin@dutchworks.nl
cc: (bcc: Eric Berg/SIAC)
Subject: [HPADM] Restricted IP for SSH connections

Hi all

In an HP-UX 11i environment, for security purposes, I
need to set up this (because I can figure out how to do it in
sshd_config) :
- SSH connections allowing root access, just permitted on
a panel of restricted IP addresses (192.168.*).

TIA
regards

=====
Cordialement, Kind regards, Yours sincerely
+33[0]-613-477-747 Fax : 1-425-740-1864
JY Torres - Systems Consultant in Unix production environments

--
             ---> Please post QUESTIONS and SUMMARIES only!! <---
        To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
       Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl

 Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
            http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
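
Added example, not part of the original thread: a small Python model of how tcp_wrappers evaluates /etc/hosts.allow and then /etc/hosts.deny, used to compare different ways of writing the client field of an sshd rule. It covers only a subset of hosts_access(5) (ALL, trailing-dot prefixes, net/mask and exact IPv4 addresses); the client addresses and the function names are constructed for illustration.

```python
import ipaddress

def pattern_matches(pattern, addr):
    """Match one hosts_access(5) client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "192.168.0." matches on leading fields
        return addr.startswith(pattern)
    if "/" in pattern:               # net/mask, e.g. 192.168.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr           # anything else names one exact address

def rule_matches(rule, daemon, addr):
    """rule is 'daemon_list : client_list'; lists split on commas or spaces."""
    daemons, clients = [f.strip() for f in rule.split(":", 2)[:2]]
    daemon_ok = any(d in ("ALL", daemon)
                    for d in daemons.replace(",", " ").split())
    return daemon_ok and any(pattern_matches(p, addr)
                             for p in clients.replace(",", " ").split())

def access(allow_rules, deny_rules, daemon, addr):
    """hosts.allow is searched first, then hosts.deny; no match means granted."""
    if any(rule_matches(r, daemon, addr) for r in allow_rules):
        return "granted"
    if any(rule_matches(r, daemon, addr) for r in deny_rules):
        return "denied"
    return "granted"

DENY = ["ALL: ALL"]                                    # default-deny hosts.deny
CLIENTS = ["192.168.0.17", "192.168.1.5", "10.1.2.3"]  # constructed addresses

def table(allow_rule):
    """Decision for each constructed client under one hosts.allow rule."""
    return {c: access([allow_rule], DENY, "sshd", c) for c in CLIENTS}

if __name__ == "__main__":
    for rule in ("sshd: 192.168.0.0",                  # exact host only
                 "sshd: 192.168.0.",                   # 192.168.0.x
                 "sshd: 192.168.0.0/255.255.255.0",    # same range as net/mask
                 "sshd: 192.168."):                    # 192.168.x.x
        print(f"{rule:34} {table(rule)}")
```

On a real host, tcpdmatch from the tcp_wrappers distribution answers the same question against the installed files, and it is worth running before closing the session that edited them.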


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 11:02:46 EDT