Configuring SSH Secure Shell for TCP Wrappers Support
To enable usage of TCP Wrappers with SSH Secure Shell, perform
the following operations:
- If SSH Secure Shell was previously installed from
binaries, you may want to uninstall it before continuing.
- Compile the source code:
./configure --with-libwrap
make
Then, become root and run
make install
Note: If configure does not find
libwrap.a, do the following:
- Create or edit the
/etc/hosts.allow
and /etc/hosts.deny files.
When a user tries to connect to the SSH Secure Shell server,
the TCP wrapper daemon (tcpd) reads the
/etc/hosts.allow file for a rule that matches the
client's hostname or IP. If /etc/hosts.allow does not
contain a rule allowing access, tcpd reads
/etc/hosts.deny for a rule that would deny access. If
neither of the files contains an accept or deny rule, access is
granted by default.
The syntax for the /etc/hosts.allow and
/etc/hosts.deny files is as follows:
daemon : client_hostname_or_IP
The typical setup is to deny access to everyone in the
/etc/hosts.deny file. (This example shows both ssh1 and
ssh2.)
sshd1: ALL
sshd2: ALL
sshdfwd-X11 : ALL
or simply
ALL: ALL
And then allow access only to trusted clients in the /etc/hosts.allow file:
sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
Based on the /etc/hosts.allow file above, users coming
from any host in the ssh.com domain or from the host
foo.bar.fi are allowed access.
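The lookup order described above (allow file first, then deny file, then access by default), as an added example that is not part of the original manual: a simplified Python model run over the example files from this page. The client names build.ssh.com, evilssh.com and host.example.org are constructed, and the model assumes only ALL, exact names and leading-dot domain patterns, not the full hosts_access syntax.

```python
# Simplified model of the hosts.allow / hosts.deny decision described above.
# Assumption: only daemon lists, ALL, exact hostnames/IPs and leading-dot
# domain suffixes are handled; this is not libwrap's full rule syntax.

HOSTS_ALLOW = """\
sshd1 : trusted_client_IP_or_hostname
sshd2 : .ssh.com foo.bar.fi
sshdfwd-X11 : .ssh.com foo.bar.fi
"""
HOSTS_DENY = "ALL: ALL\n"

def parse_rules(text):
    """Return (daemons, clients) pairs, skipping blank lines and comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(), clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):          # ".ssh.com" matches any host under ssh.com
        return host.lower().endswith(pattern.lower())
    return host.lower() == pattern.lower()

def rule_hit(rules, daemon, host):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, host) for p in clients)
        for daemons, clients in rules
    )

def access(daemon, host, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    if rule_hit(parse_rules(allow_text), daemon, host):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, host):
        return "deny"
    return "allow"  # neither file matched: access is granted by default

if __name__ == "__main__":
    for daemon, host in [("sshd2", "foo.bar.fi"), ("sshd2", "build.ssh.com"),
                         ("sshd2", "host.example.org"), ("sshd1", "build.ssh.com")]:
        print(daemon, host, access(daemon, host))
    # Same unlisted client with an empty hosts.deny: the default-grant case.
    print("empty deny:", access("sshd2", "host.example.org", deny_text=""))
```

The last call shows why the catch-all deny rule matters: with an empty /etc/hosts.deny, a client that matches nothing in /etc/hosts.allow is still let in.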
Copyright © 2003 SSH Communications Security Corp.
All rights reserved.