Mailing List Archive

SSHD config problems
Hi there,

I'm having problems configuring the (sshd). I'm following the
security guide of Gentoo {
http://www.gentoo.org/doc/en/gentoo-security.xml} Actually there are
two problems.

Problem I:
When I set {ListenAddress 127.0.0.1}
I can't connect to the ssh any more! What is wrong?

Problem II:
There is no AllowHosts in the SSHD_CONFIG(5) manual! However it's
there in the guide. Any ideas!


Respectfully,
• Rayid R. Bahabri

--
gentoo-user@gentoo.org mailing list
Re: SSHD config problems
Rayid Bahabri wrote:
> Hi there,
>
> I'm having problems configuring the (sshd). I'm following the
> security guide of Gentoo {
> http://www.gentoo.org/doc/en/gentoo-security.xml} Actually there are
> two problems.
>
> Problem I:
> When I set {ListenAddress 127.0.0.1}
> I can't connect to the ssh any more! What is wrong?

You can if you do ssh localhost. This is the host on which sshd should
listen. It seems weird to say the least (useless) to run sshd
listening only on localhost but for some security concept that eludes me.
IMO if you want host filtering set it to listen on 0.0.0.0 (accept
connections from everywhere) and filter everything in the firewall (you
could do both). You can allow new connections from a certain IP addr
after you receive a specially crafted ICMP (ping) packet. This is
useful if you move around. I don't, so I allow 3 hosts to connect to
port 22 (key authentication only of course). It's also considered a
security measure to change the listening port.

>
> Problem II:
> There is no AllowHosts in the SSHD_CONFIG(5) manual! However it's
> there in the guide. Any ideas!
>

From `man sshd`:

    /etc/hosts.allow, /etc/hosts.deny
        Access controls that should be enforced by tcp-wrappers are
        defined here. Further details are described in
        hosts_access(5).


>
> Respectfully,
> • Rayid R. Bahabri
>
> --
> gentoo-user@gentoo.org mailing list


-- Adi
