Mailing List Archive

sshd ListenAddress and security
I added to sshd_config the keyword
"ListenAddress 127.0.0.1" as written in the
Gentoo Linux Security Guide, but
this configuration made impossible
a remote login.
Normally I use a dsa key to login from a
remote box.
Any suggestion?

Thanks!

A.S.

--
gentoo-user@gentoo.org mailing list
RE: sshd ListenAddress and security
> -----Original Message-----
> From: Alessandro Semeria [mailto:asemeria@spymac.com]
> Sent: Friday, October 08, 2004 12:30 PM
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] sshd ListenAddress and security
>
>
> I added to sshd_config the keyword
> "ListenAddress 127.0.0.1" as written in the
> Gentoo Linux Security Guide, but
> this configuration made impossible
> a remote login.
> Normally I use a dsa key to login from a
> remote box.
> Any suggestion?

Make sure root logins aren't allowed, set the port for SSH to something
other than 22 for starters.

I'm sure there are lots of other good things to do.

Re: sshd ListenAddress and security
On Fri, 8 Oct 2004 18:30:07 +0200, Alessandro Semeria
<asemeria@spymac.com> wrote:
> I added to sshd_config the keyword
> "ListenAddress 127.0.0.1" as written in the
> Gentoo Linux Security Guide, but
> this configuration made impossible
> a remote login.
> Normally I use a dsa key to login from a
> remote box.
> Any suggestion?

you're telling sshd to only listen on your loopback address which will
prevent any remote connections. ListenAddress is useful only if you
have multiple ip addresses and you want to restrict which addresses you
can connect to. for example, i've got a computer at work which is on
both the lan and the internet (192.168.0.50 for lan and say
123.123.123.123 for internet). if i wanted to restrict ssh access to
the lan, i would use "ListenAddress 192.168.0.50". this would prevent
ssh connections coming in on the 123.123.123.123 address.

--
trey

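
Added example, not part of the thread: a small Python check that reads the ListenAddress lines of an sshd_config and reports who can reach each bound address, generalizing the loopback versus LAN case discussed above to the other argument forms the directive accepts. The sample configuration, port 2222 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: loopback line from the original post, LAN address from the last reply.
SAMPLE_CONFIG = """\
Port 22
ListenAddress 127.0.0.1
ListenAddress 192.168.0.50:2222
ListenAddress [::1]:22
#ListenAddress 0.0.0.0
"""

def split_host_port(value):
    """Split a ListenAddress argument into (host, port or None)."""
    if value.startswith("["):                      # [IPv6] or [IPv6]:port
        host, _, rest = value[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else None)
    if value.count(":") == 1:                      # IPv4:port or hostname:port
        host, port = value.split(":")
        return host, int(port)
    return value, None                             # bare IPv4, hostname or IPv6

def classify(host):
    """Say who can reach a socket bound to this address."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname (resolve it to check)"
    if addr.is_unspecified:
        return "all interfaces"
    if addr.is_loopback:
        return "loopback only, no remote logins"
    if addr.is_private:
        return "private network only"
    return "publicly routable"

def audit_listen_addresses(config_text):
    """Return [(host, port, reach)] for every active ListenAddress line."""
    results = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()      # drop comments, then tokenize
        if len(words) >= 2 and words[0].lower() == "listenaddress":
            host, port = split_host_port(words[1])
            results.append((host, port, classify(host)))
    # With no ListenAddress at all, sshd listens on every local address.
    return results or [("0.0.0.0", None, "all interfaces")]

if __name__ == "__main__":
    for host, port, reach in audit_listen_addresses(SAMPLE_CONFIG):
        print(f"{host} port={port or 'default'}: {reach}")
```

On a live host, compare the result with the sockets sshd actually holds open, since a changed sshd_config only takes effect after the daemon is restarted or reloaded.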