SSH AllowHosts directives
| chsalvia@gmail.com 2007-06-03, 1:20 am |
| I'm trying to secure my system so that only LAN access to SSH is
possible. I've read from numerous sources that this is achieved
simply by adding an AllowHosts directive into the sshd_config file.
So I added:
AllowHosts 192.168.1.110
Then when I restart the ssh daemon, it says:
Bad configuration option: AllowHosts
Can anyone explain why ssh doesn't recognize the AllowHosts
directive? Do I have the syntax wrong somehow?
| |
| Bill Marcum 2007-06-03, 1:20 am |
| On Sun, 03 Jun 2007 03:23:58 -0000, chsalvia@gmail.com
<chsalvia@gmail.com> wrote:
>
>
> I'm trying to secure my system so that only LAN access to SSH is
> possible. I've read from numerous sources that this is achieved
> simply by adding an AllowHosts directive into the sshd_config file.
>
> So I added:
>
> AllowHosts 192.168.1.110
>
> Then when I restart the ssh daemon, it says:
>
> Bad configuration option: AllowHosts
>
> Can anyone explain why ssh doesn't recognize the AllowHosts
> directive? Do I have the syntax wrong somehow?
>
Perhaps it depends on the specific version of sshd, but I don't see
AllowHosts in the man page of sshd_config or ssh_config. This is on
Ubuntu Dapper with the openssh server and client packages.
--
Misuse may cause suffocation.
| |
| Stephen M. Dunn 2007-06-03, 1:22 pm |
| In article <d6t9j4-orf.ln1@don.localnet> Bill Marcum <marcumbill@bellsouth.net> writes:
$Perhaps it depends on the specific version of sshd, but I don't see
$AllowHosts in the man page of sshd_config or ssh_config.
Me neither. Typing "allowhosts" into Google turns up an answer:
this is apparently a directive that can be used with ssh.com's ssh
server, which is a commercial package and different from openssh.
If the original poster is using openssh, that would explain it.
If the goal is to allow hosts inside the firewall to connect via
ssh and block hosts outside the firewall, it would be better to configure
the firewall not to allow ssh connections from the outside world.
But if you want to do it within sshd, or if you need finer granularity
than your firewall can provide (e.g. if you want to allow only certain
internal hosts while blocking others), you might use a Match Address
directive so that you can apply different settings (e.g. AllowUsers *
for your internal network or DenyUsers * for the rest of the world),
or wrap sshd with tcp_wrappers (but see the sshd man page for a warning
about efficiency in this case).
--
Stephen M. Dunn <stephen@stevedunn.ca>
------------------------------------------------------------------
Say hi to my cat -- http://www.stevedunn.ca/photos/toby/
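
The Match Address approach suggested in the reply above, written out as an sshd_config fragment. This is an added example, not part of the original thread. The 192.168.1.0/24 range is an assumption based on the 192.168.1.110 address in the question, and the user name and test address in the comments are constructed.

```conf
# /etc/ssh/sshd_config fragment for OpenSSH (added example).

# Not an OpenSSH keyword. With this line present, sshd refuses to start:
#   Bad configuration option: AllowHosts
#AllowHosts 192.168.1.110

# Global settings stay above every Match block. A Match block runs until
# the next Match line or the end of the file, so anything placed after it
# becomes conditional.
PermitRootLogin no

# Clients on the LAN never match this block and keep the global settings.
# The leading "*" is needed because a pattern list made only of negated
# entries never produces a positive match.
Match Address *,!192.168.1.0/24
    # Every user name is denied for connections from outside the LAN.
    DenyUsers *

# Check the file before restarting the daemon:
#   sshd -t
# A build that does not accept a keyword inside Match reports it here.
#
# Show the settings that would apply to one connection (constructed
# values; 203.0.113.5 is a documentation address outside the LAN):
#   sshd -T -C user=alice,host=client.example,addr=203.0.113.5
# and look for the denyusers line in the output.
```

Keep an already authenticated session open while restarting sshd, so a mistake in the Match pattern does not lock out the LAN as well.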