Hello,
I would like to secure SSH more so than it already is (root is off, login attempts are limited). I still get people from Holland and Thailand trying to get in, and would like to limit access to local public libraries and my cable company (the ranges I have already figured out). I have found some stuff on Google already but would like to know fellow Archers' ideas or what they have implemented.
Currently all access in the hosts.allow file is allowed (I run several other local and Internet-wide services). I use my router's firewall to do the firewalling of my services but it won't allow me to set hosts.
Any help would be greatly appreciated, thank you.
--
JSkier
Why not just restrict access specifically for <code>sshd</code> in your <code>hosts.allow</code> file? That way your other services won't be affected. Mine, for instance, looks something like this:
#
# /etc/hosts.allow
#
# Allow ssh access to the local network
sshd: 192.168.1.0/255.255.255.0
# Restrict outside SSH access to Purdue University IP addresses
sshd: 128.210.0.0/255.255.0.0
sshd: 128.211.0.0/255.255.0.0
# End of file
If you're having numerous break-in attempts, I've also found that denyhosts is extremely effective and easy to set up. It's available in the extra repo.
I set up the denyhosts app, sounds promising. Upon running it I got a good deny list already, I'll see how that holds up. Thanks for the heads up on that.
--
JSkier
Interesting. Have recently seen an old Red Hat server with syntax:
sshd: 192.168.1.0/255.255.255.0: ALLOW
But this syntax doesn't work with Arch (must omit ': ALLOW'). Why?
sshd: 192.168.1.0/255.255.255.0
That's a good question Solo...especially considering the deny file uses that syntax:
#
# /etc/hosts.deny
#
ALL: ALL: DENY
# End of file
Have you tested it with the "<code>: ALLOW</code>" in there and had it fail? I would think it would be fine. Perhaps it just assumes that based on the file name (<code>hosts.allow</code> versus <code>hosts.deny</code>)?
Red Hat hosts.allow:
sshd: 71.92.136.60: ALLOW << chg. to protect... me!
sshd: 192.168.1.: ALLOW
sshd: localhost: ALLOW
sshd: ALL: DENY
Red Hat hosts.deny:
<EMPTY>
Arch hosts.allow:
sshd: 71.92.136.60
sshd: 192.168.0.0/255.255.255.0
sshd: localhost
Arch hosts.deny:
sshd: ALL: DENY
After much messing about with Arch, the above is what finally worked -- having "borrowed" my Red Hat setup from a two-year-old box. Perhaps tcp wrapper has changed in two years?
I just remember it working, right after I removed the ': ALLOW' text, and then I just moved on. Also remember removing the text because of an example I found in Arch Forums.
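An added example, not part of any post in this thread: a Python model of the lookup order documented in hosts_access(5) (hosts.allow is searched first, then hosts.deny, the first matching rule decides, and access is granted when nothing matches), applied to rule sets copied from the posts above. The function names, the subset of client patterns handled (IPv4 only), the treatment of a trailing ALLOW/DENY as described in hosts_options(5), and the outside client 203.0.113.7 are assumptions of this example.

```python
import ipaddress

# Rule sets copied from the posts above
ALLOW_POST = """sshd: 192.168.1.0/255.255.255.0
sshd: 128.210.0.0/255.255.0.0
sshd: 128.211.0.0/255.255.0.0"""
DENY_POST = "ALL: ALL: DENY"
SINGLE_FILE = """sshd: 192.168.1.: ALLOW
sshd: localhost: ALLOW
sshd: ALL: DENY"""

def client_matches(pattern, ip, host=None):
    # Subset of client patterns: ALL, net/mask, "n.n.n." prefix, exact IP or host name
    if pattern == "ALL":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern in (ip, host)

def parse_rules(text):
    # Each rule is "daemon_list : client_list [: option]"; comments and blank lines are skipped
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#")[0].split(":")]
        if len(fields) < 2:
            continue
        option = fields[2].upper() if len(fields) > 2 else ""
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def first_match(rules, daemon, ip, host):
    # Returns the option of the first matching rule ("" if it has none), or None if no rule matches
    for daemons, clients, option in rules:
        if (daemon in daemons or "ALL" in daemons) and any(
                client_matches(c, ip, host) for c in clients):
            return option
    return None

def access_granted(allow_text, deny_text, daemon, ip, host=None):
    hit = first_match(parse_rules(allow_text), daemon, ip, host)
    if hit is not None:
        return hit != "DENY"   # a trailing DENY in hosts.allow refuses the client
    hit = first_match(parse_rules(deny_text), daemon, ip, host)
    if hit is not None:
        return hit == "ALLOW"  # a hosts.deny rule refuses unless it ends in ALLOW
    return True                # nothing matched in either file: access is granted
```

With an empty hosts.deny, the two-field hosts.allow rules alone do not keep an outside client out, which is why the working setups in the thread end with a catch-all deny rule.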