You are not logged in.
I want to configure my hosts.allow file to restrict access to sshd to my school's computer labs, which are in a range, for example, 12.34.*
The wiki said I could do this with:
sshd: 12.34.0.0/255.255.0.0
When I do this, nobody can access sshd. However, I change it back to reading:
sshd: ALL
and after that it's happy and lets anyone connect. I have also tried entering the individual IP in there, which also doesn't seem to work.
I don't understand why it only works when sshd: ALL is in there. Any ideas from anyone?
Offline
ALL means anyone call log in so that's no good.
Try sshd: 123.456.168.10 234.456.678.9 where each ip address is separated by a space. I have that in one of my systems in a very large network and it works like a charm
Offline
man 5 hosts_access
is probably what you are looking for
Offline
Try
sshd: 12.34.
(Note the final '.')
larch: http://larch.berlios.de
Offline
um, the 1234 is an example, you need to replace it with your own network's address.
Offline
Thanks, but I think there's something deeper than me messing up the hosts.allow file. I tried all of the suggestions, and no positive results. Is there any other config file or program that might need to be adjusted? I don't think my problem is with my sshd_config or anything, because when I use 'ALL', it allows me to ssh in.
Offline
Could be related to this thread: /etc/hosts.deny ignored
It looks like there might have been a couple configuration changes lately that aren't quite ironed out yet?!?
Offline
Are you running a firewall that has rules precluding the network from "talking" to your machine?
Offline
ralvez - I don't have a firewall running. If you read the post, the behavior I'm getting would be tough to explain with a firewall anyways, as I can connect from that network when using sshd : all but not using sshd : 12.34. or sshd : 12.34.0.0/255.255.0.0
Elasticdog - Thanks, that thread could lead to some information related to my case.
EDIT: I guess I didn't specify that I was able to connect from that network when sshd : ALL was enabled. I apologize ralvez, didn't mean to sound rude.
Offline
For comparison, try
ALL: 12.34.0.0/255.255.0.0
and see what you get. That's what I use on my LAN, because I connect with other apps as well as ssh.
Offline
Nope, didn't work. I guess I should set up a firewall instead of trying to figure out what's wrong with hosts.allow. I was planning to do that anyway, but a guy I know on the same network has Arch and this hosts.allow worked for him.
Offline
New info: I finally checked my logs and found this entry for my failed attempts:
Sep 14 16:55:25 logan sshd[2770]: refused connect from 0.0.0.0
Does this imply a problem with my sshd_config? I mean, it should tell me which IP it was denying instead of this 0.0.0.0 right?
Offline
Possibly you've set ListenAddress to 0.0.0.0 ?
Try adding changing your hosts.allow files to contain
sshd : 127.0.0.1
sshd : your.full.ip
About the netmask, I'm not sure how ssh will interpret that, but perhaps it's possible that he classes 255.255.0.0 as a b-mask and 255.255.255.0 as a dmask.
From what I understand you can specify an ip like:
123.123.123.
and everything 123.123.123.[0-255] will be accepted. Perhaps that works with netmask as well: 255.255.
It's worth a try
Offline