On Mon, Jun 24, 2002 at 07:32:45PM -0700, justin cunningham wrote: > If I wanted to restrict ssh to only listen for my office's ip until it > gets patched how do I do this? I tried editing sshd_config and putting > my office ip as the listenaddress but it didn't work. What did I do > incorrectly?
Debian's sshd knows about libwrap, so you can block people out like so: /etc/hosts.deny: sshd: ALL /etc/hosts.allow: sshd: hosts_that_you_want_to_be_able_to_connect Now, whether this stops the exploit that Theo's bragging about, who knows? No one knows the particulars of it yet. :( It's probably a good idea to always be restricting who can connect to those you WANT to be connecting, in any case. You could also do it with ipchains/iptables, and only let the IP's through that you wanted through. -- Marc Wilson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
