#1 2006-09-14 03:37:07

Fire-Ice
Member
From: Indiana
Registered: 2006-09-14
Posts: 8

Configuring hosts.allow for sshd

I want to configure my hosts.allow file to restrict access to sshd to my school's computer labs, which are in a range, for example, 12.34.*

The wiki said I could do this with:

sshd: 12.34.0.0/255.255.0.0

When I do this, nobody can access sshd. However, I change it back to reading:

sshd: ALL

and after that it's happy and lets anyone connect. I have also tried entering the individual IP in there, which also doesn't seem to work.

I don't understand why it only works when sshd: ALL is in there. Any ideas from anyone?

#2 2006-09-14 03:53:55

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Configuring hosts.allow for sshd

ALL means anyone can log in, so that's no good.
Try sshd: 123.456.168.10 234.456.678.9 where each IP address is separated by a space. I have that in one of my systems in a very large network and it works like a charm.

#3 2006-09-14 04:06:03

allucid
Member
Registered: 2006-01-06
Posts: 259

Re: Configuring hosts.allow for sshd

man 5 hosts_access

is probably what you are looking for

#4 2006-09-14 09:08:17

gradgrind
Member
From: Germany
Registered: 2005-10-06
Posts: 921

Re: Configuring hosts.allow for sshd

Try

sshd: 12.34.

(Note the final '.')

#5 2006-09-14 10:19:36

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: Configuring hosts.allow for sshd

um, the 1234 is an example, you need to replace it with your own network's address.

#6 2006-09-14 15:37:06

Fire-Ice
Member
From: Indiana
Registered: 2006-09-14
Posts: 8

Re: Configuring hosts.allow for sshd

Thanks, but I think there's something deeper than me messing up the hosts.allow file. I tried all of the suggestions, and no positive results. Is there any other config file or program that might need to be adjusted? I don't think my problem is with my sshd_config or anything, because when I use 'ALL', it allows me to ssh in.

#7 2006-09-14 17:06:30

elasticdog
Member
From: Washington, USA
Registered: 2005-05-02
Posts: 995
Website

Re: Configuring hosts.allow for sshd

Could be related to this thread: /etc/hosts.deny ignored
It looks like there might have been a couple configuration changes lately that aren't quite ironed out yet?!?

#8 2006-09-14 17:13:08

ralvez
Member
From: Canada
Registered: 2005-12-06
Posts: 1,694
Website

Re: Configuring hosts.allow for sshd

Are you running a firewall that has rules precluding the network from "talking" to your machine?

#9 2006-09-14 17:31:53

Fire-Ice
Member
From: Indiana
Registered: 2006-09-14
Posts: 8

Re: Configuring hosts.allow for sshd

ralvez - I don't have a firewall running. If you read the post, the behavior I'm getting would be tough to explain with a firewall anyways, as I can connect from that network when using sshd : all but not using sshd : 12.34. or sshd : 12.34.0.0/255.255.0.0

Elasticdog - Thanks, that thread could lead to some information related to my case.

EDIT: I guess I didn't specify that I was able to connect from that network when sshd : ALL was enabled. I apologize ralvez, didn't mean to sound rude.

#10 2006-09-14 19:05:50

tomk
Forum Fellow
From: Ireland
Registered: 2004-07-21
Posts: 9,839

Re: Configuring hosts.allow for sshd

For comparison, try

ALL: 12.34.0.0/255.255.0.0

and see what you get. That's what I use on my LAN, because I connect with other apps as well as ssh.

#11 2006-09-14 20:39:20

Fire-Ice
Member
From: Indiana
Registered: 2006-09-14
Posts: 8

Re: Configuring hosts.allow for sshd

Nope, didn't work. I guess I should set up a firewall instead of trying to figure out what's wrong with hosts.allow. I was planning to do that anyway, but a guy I know on the same network has Arch and this hosts.allow worked for him.

#12 2006-09-14 21:02:59

Fire-Ice
Member
From: Indiana
Registered: 2006-09-14
Posts: 8

Re: Configuring hosts.allow for sshd

New info: I finally checked my logs and found this entry for my failed attempts:

Sep 14 16:55:25 logan sshd[2770]: refused connect from 0.0.0.0

Does this imply a problem with my sshd_config? I mean, it should tell me which IP it was denying instead of this 0.0.0.0 right?

#13 2006-09-14 21:36:57

toxic
Member
Registered: 2006-06-05
Posts: 117

Re: Configuring hosts.allow for sshd

Possibly you've set ListenAddress to 0.0.0.0 ?

Try changing your hosts.allow files to contain
sshd : 127.0.0.1
sshd : your.full.ip

About the netmask, I'm not sure how ssh will interpret that, but perhaps it's possible that he classes 255.255.0.0 as a b-mask and 255.255.255.0 as a dmask.
From what I understand you can specify an ip like:
123.123.123.
and everything 123.123.123.[0-255] will be accepted. Perhaps that works with netmask as well: 255.255.
It's worth a try ;)

Offline
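
An added example, not part of any post above and not the tcp_wrappers source: a minimal Python model of the IPv4 client patterns described in hosts_access(5) (ALL, trailing-dot prefix, net/mask pair, exact address), run over the rules tried in this thread. The client 12.34.56.78 is a constructed address inside the thread's example range, 0.0.0.0 is the address from the log line in post #12, and the function names are hypothetical.

```python
import ipaddress
import re

def client_matches(pattern: str, addr: str) -> bool:
    """Match one hosts_access(5)-style client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True                       # wildcard: matches every client
    if pattern.endswith("."):
        return addr.startswith(pattern)   # "12.34." matches on the leading fields
    if "/" in pattern:                    # net/mask pair, e.g. 12.34.0.0/255.255.0.0
        net, mask = pattern.split("/", 1)
        n = int(ipaddress.IPv4Address(net))
        m = int(ipaddress.IPv4Address(mask))
        return (int(ipaddress.IPv4Address(addr)) & m) == n
    return pattern == addr                # plain address: exact match only

def rule_allows(rule: str, daemon: str, addr: str) -> bool:
    """Evaluate one 'daemon_list : client_list' line (no options field)."""
    daemons, clients = rule.split(":", 1)
    daemon_list = re.split(r"[\s,]+", daemons.strip())
    client_list = re.split(r"[\s,]+", clients.strip())
    if daemon not in daemon_list and "ALL" not in daemon_list:
        return False
    return any(client_matches(p, addr) for p in client_list)

# Rules quoted in the thread.
RULES = [
    "sshd: 12.34.0.0/255.255.0.0",
    "sshd: 12.34.",
    "ALL: 12.34.0.0/255.255.0.0",
    "sshd: ALL",
]
LAB_CLIENT = "12.34.56.78"   # constructed address in the example range
LOGGED_PEER = "0.0.0.0"      # address shown in the "refused connect" log line

def evaluate(addr: str) -> dict:
    """Return {rule: allowed?} for sshd and the given client address."""
    return {rule: rule_allows(rule, "sshd", addr) for rule in RULES}

if __name__ == "__main__":
    for label, addr in (("lab client", LAB_CLIENT), ("logged peer", LOGGED_PEER)):
        for rule, ok in evaluate(addr).items():
            print(f"{label:12} {addr:12} {rule!r:34} -> {'allow' if ok else 'no match'}")
```

In this model every rule admits the lab address, but only sshd: ALL admits 0.0.0.0, which matches the symptom reported in the thread once the daemon logs the peer as 0.0.0.0.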
