Fedora's SSH

Vincent pros-n-cons at bak.rr.com
Tue Feb 24 05:18:16 UTC 2004


On Mon, 23 Feb 2004 23:39:35 -0500
James Drabb <JDrabb at tampabay.rr.com> wrote:

> On Mon, 2004-02-23 at 23:02, Vincent wrote:
> > On Mon, 23 Feb 2004 22:12:20 -0500
> > James Drabb <JDrabb at tampabay.rr.com> wrote:
> > 
> > > Do I need to do anything special to allow hosts outside of my home
> > > network to SSH in?  I am running SSH on port 21 and have opened port 21
> > > on my Linksys router/firewall.  However, I cannot connect from my work
> > > to home.  I am using port 21 because the silly MS Admins where I work
> > > have port 22 blocked, yet they allow telnet.
> > > 
> > > I can ssh on my home computer using my public IP and it connects just
> > > fine.  Do I need to add entries to /etc/hosts.allow?
> > 
> > Maybe. append 
> > sshd: 168.1.1.1.1 sect.mydomain.com 
> > or sshd: ALL
> > to your hosts.allow file, plus double check iptables.
> > If when you try to connect the response is 'connection refused' most likely
> > it's a tcp wrap problem.
> 
> I thought tcp wrappers was only used on xinetd started apps?  I run SSH
> standalone on startup.

Not exactly, xinetd has its own host based access controls so applications
need not worry about compiling in support. xinetd.conf is where AC's are put in.
libwrap (tcpwrappers) is a library that can be compiled into any application.
#ifdef USE_LIBWRAP
#include <tcpd.h>   /* libwrap API: hosts_access(), hosts_ctl() */
#endif

so the equivalent to ALL:ALL in /etc/hosts.deny is 'no_access = 0.0.0.0' in /etc/xinetd.conf

> 
> I put the sshd: ALL entry into hosts.all and will give it a shot
> tomorrow.
> 
> Thanks,
> 
> Jim Drabb
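
An added example, not part of the original message: a simplified Python model of the hosts_access(5) lookup order that libwrap applies for a daemon built with it (hosts.allow first, then hosts.deny, otherwise grant). The file contents, addresses and host names are constructed samples; EXCEPT, netmasks, IPv6 and option fields are not modelled.

```python
# Simplified model of the hosts.allow / hosts.deny decision made by libwrap.
# Not modelled: EXCEPT, netmasks, IPv6, LOCAL/KNOWN wildcards, option fields.

# Constructed sample tables (not taken from the thread).
HOSTS_ALLOW = "# constructed sample\nsshd: 192.0.2.10 .example.org\n"
HOSTS_DENY = "ALL: ALL\n"


def _tokens(field):
    # List items may be separated by blanks and/or commas.
    return field.replace(",", " ").split()


def _client_matches(pattern, addr, name):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix, e.g. .example.org
        return name is not None and name.lower().endswith(pattern.lower())
    if pattern.endswith("."):     # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern == addr or (name is not None and pattern.lower() == name.lower())


def _table_matches(text, daemon, addr, name):
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if not any(d in ("ALL", daemon) for d in _tokens(daemons)):
            continue
        if any(_client_matches(p, addr, name) for p in _tokens(clients)):
            return True
    return False


def access_granted(allow_text, deny_text, daemon, addr, name=None):
    if _table_matches(allow_text, daemon, addr, name):
        return True    # first match in hosts.allow grants access
    if _table_matches(deny_text, daemon, addr, name):
        return False   # otherwise a match in hosts.deny refuses it
    return True        # no match in either table: access is granted


if __name__ == "__main__":
    for addr in ("192.0.2.10", "198.51.100.7"):
        print(addr, access_granted(HOSTS_ALLOW, HOSTS_DENY, "sshd", addr))
```

With an empty hosts.deny the result is always a grant, so a hosts.allow entry only changes the outcome when some hosts.deny rule would otherwise match the client.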
