How to block ssh via /etc/hosts.deny
Post 302292679 by fpmurphy on Sunday 1st of March 2009 09:15:27 AM
You have to use TCP wrappers. Assuming you are on RHEL5, sshd comes precompiled with TCP wrappers. You can use ldd to check if your particular sshd has TCP wrapper support, e.g.
Code:
# ldd /usr/sbin/sshd | grep libwrap
        libwrap.so.0 => /lib64/libwrap.so.0 (0x00002b14120a7000)

Note that access rules in /etc/hosts.allow are applied first, i.e. they take precedence over rules specified in /etc/hosts.deny. Therefore, if access to a service is allowed in /etc/hosts.allow, a rule denying access to it in /etc/hosts.deny is ignored because libwrap implements a "stop on first match" policy.
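
The lookup order described in the post above, modelled as an added example (not part of the original post and not libwrap's own code). The rule contents, addresses and function names are constructed for illustration, and the model handles only ALL, exact IPv4 addresses, trailing-dot prefixes and net/mask patterns; EXCEPT, hostnames and shell commands are left out.

```python
import ipaddress

# Constructed sample rules; addresses and file contents are illustrative only.
HOSTS_ALLOW = """
sshd: 192.168.10.
sshd: 10.0.0.0/255.255.255.0
"""
HOSTS_DENY = """
# The next rule is never reached for 192.168.10.50: hosts.allow matched first.
sshd: 192.168.10.50
sshd: ALL
"""

def parse(text):
    """Return [(daemon_list, client_list)] from 'daemons : clients' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # address prefix such as "192.168.10."
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return pattern == ip           # exact address

def first_match(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Simplified model of the order in which the two files are consulted."""
    if first_match(parse(allow), daemon, ip):
        return "granted by hosts.allow"
    if first_match(parse(deny), daemon, ip):
        return "denied by hosts.deny"
    return "granted (no rule matched)"

if __name__ == "__main__":
    for ip in ("192.168.10.50", "10.0.0.25", "203.0.113.7"):
        print(f"sshd from {ip}: {access('sshd', ip)}")
```

In this model, 192.168.10.50 is granted access even though hosts.deny names it explicitly, so a host that must be blocked cannot also fall under a broader hosts.allow entry.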
 

SSH-KEYSIGN(8)						    BSD System Manager's Manual 					    SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication with SSH protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1). See ssh(1) and sshd(8) for more information about host-based authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable only by root, and not accessible to others. Since they are readable only by root, ssh-keysign must be set-uid root if host-based authentication is used.

     /etc/ssh/ssh_host_dsa_key-cert.pub
     /etc/ssh/ssh_host_ecdsa_key-cert.pub
     /etc/ssh/ssh_host_rsa_key-cert.pub
             If these files exist they are assumed to contain public certificate information corresponding with the private keys above.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                              August 31, 2010                              BSD