06-03-2004
Gerard
Re: How to permit selective SSH access?

On Thu, 3 Jun 2004 11:52:07 +0200, Gerard scribbled:

> On Thu, 03 Jun 2004 10:00:48 -0700, Reply-Via-Newsgroup Thanks scribbled:
>
>> Folks,
>>
>> I have tried reading the 'man' page on ssh and attempted to configure
>>
>> /etc/ssh/hosts.equiv
>> .shosts
>>
>> to only permit access to the server from a select number of IP addresses
>> however it doesn't work (meaning access is permitted from all IP
>> addresses regardless of origin).
>>
>> I just placed the IP addresses in the above files - Can someone provide
>> me with some examples or suggest where I am going wrong?
>>
>> Please reply via the newsgroup so all can learn,
>>
>> Thanks in advance,
>> Randell D.

>
> Randell,
>
> There's a set of files, called hosts.allow and hosts.deny in the /etc
> directory that govern access from the outside world to services on your
> server.
>
> The best policy for those files is to deny access to everyone and allow
> access to restricted IPs. To do that, add a line to hosts.deny like:
>
> ALL: ALL
>
> This means that all services are denied from everyone. (hey, that's
> exactly what we wanted! ;)
>
> Then, in the hosts.allow file add lines to allow certain types of access to
> specified IPs:
>
> ALL: localhost
> ALL: myn.et.wo.rk/255.255.255.0
>
> service1: all.owe.dip.no1
> service2: all.owe.dip.no1
>
> etcetera, ymmv
>
> the general syntax of these lines is:
>
> daemon_list : client_list [ : shell_command ]
>
> where:
> daemon_list is a list of one or more daemon process names (argv[0] values)
> or wildcards (see below).
>
> client_list is a list of one or more host names, host addresses, patterns
> or wildcards (see below) that will be matched against the client host name
> or address.
>
> As you can see, you can also add a shell-command to be able to do all kinds
> of things in case of access, for example log access (attempts).
>
> HTH


Oh, well, AAMOF I forgot to mention that this worked in the way I described
in a fairly standard (as in: I didn't fumble around with it too much)
Redhat distribution.

cu

--
GerardLinux ay tee filternet dee oo tee ann el

ACHTUNG!!
Das machinen is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der spingenwerk, blowenfusen und corkenpoppen mit spitzensparken.
Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren
keepen handen in das pockets. Relaxen und vatch das blinkenlights!!!
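The evaluation order behind the hosts.allow / hosts.deny advice quoted above, as an added example that is not part of the original post: a small Python model of how the two files are consulted for one daemon and one client address. The rule text, the daemon name `sshd` and the addresses are constructed assumptions, and only a subset of client patterns (ALL, exact address, dotted prefix, net/mask) is modelled.

```python
import ipaddress

# Constructed rules in hosts_access(5) syntax; the addresses are
# documentation ranges standing in for real clients (assumptions).
HOSTS_ALLOW = """
# loopback for everything, two trusted sources for sshd only
ALL: 127.0.0.1
sshd: 192.0.2.0/255.255.255.0
sshd: 198.51.100.7
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Yield (daemon_list, client_list) for each 'daemons : clients' line."""
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if line.lstrip().startswith("#") or len(parts) < 2:
            continue
        yield tuple(p.replace(",", " ").split() for p in parts[:2])

def client_matches(pattern, addr):
    """Modelled subset: ALL, exact address, 'n.n.n.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    if pattern.endswith("."):
        return addr.startswith(pattern)
    return pattern == addr

def rule_hits(rules, daemon, addr):
    """True if any line names this daemon (or ALL) and matches the client."""
    return any(
        ("ALL" in daemons or daemon in daemons)
        and any(client_matches(p, addr) for p in clients)
        for daemons, clients in parse(rules)
    )

def access_allowed(daemon, addr, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if rule_hits(allow, daemon, addr):
        return True
    return not rule_hits(deny, daemon, addr)

if __name__ == "__main__":
    for ip in ("192.0.2.15", "198.51.100.7", "203.0.113.9"):
        print(ip, "sshd ->", "allow" if access_allowed("sshd", ip) else "deny")
```

With an empty hosts.deny the final fallthrough grants access to every client, which is why the `ALL: ALL` line matters. None of this applies unless sshd is linked against libwrap, and upstream OpenSSH dropped tcpwrappers support in release 6.7.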