#1 2007-07-04 02:02:06

_adam_
Member
From: Dora, Alabama
Registered: 2006-05-18
Posts: 94

quick sshd configuration question

in /etc/ssh/sshd_config, should the line:

ListenAddress 0.0.0.0

be changed to the address which eth0 is configured to? e.g. 192.168.1.2?

It works with 0.0.0.0, but I've heard that sshd will ignore tcpwrappers if left at 0.0.0.0.

#2 2007-07-04 02:46:53

cactus
Taco Eater
From: t͈̫̹ͨa͖͕͎̱͈ͨ͆ć̥̖̝o̫̫̼s͈̭̱̞͍̃!̰
Registered: 2004-05-25
Posts: 4,622

Re: quick sshd configuration question

If you do 0.0.0.0, ssh will listen on all addresses (like for each interface). If you put in a single address, it just binds to that IP.


"Be conservative in what you send; be liberal in what you accept." -- Postel's Law
"tacos" -- Cactus' Law
"t̥͍͎̪̪͗a̴̻̩͈͚ͨc̠o̩̙͈ͫͅs͙͎̙͊ ͔͇̫̜t͎̳̀a̜̞̗ͩc̗͍͚o̲̯̿s̖̣̤̙͌ ̖̜̈ț̰̫͓ạ̪͖̳c̲͎͕̰̯̃̈o͉ͅs̪ͪ ̜̻̖̜͕" -- -̖͚̫̙̓-̺̠͇ͤ̃ ̜̪̜ͯZ͔̗̭̞ͪA̝͈̙͖̩L͉̠̺͓G̙̞̦͖O̳̗͍


#3 2007-07-04 16:32:56

Pudge
Arch Linux f@h Team Member
Registered: 2006-01-23
Posts: 300

Re: quick sshd configuration question

Yes, ListenAddress 0.0.0.0 does interfere with tcpwrappers.

Now that you have ssh working, if you have multiple Linux computers on your home LAN, be sure to install sshfs and play around with it.  For a home network, sshfs is really cool.

Pudge

Last edited by Pudge (2007-07-04 16:50:10)


#4 2007-07-05 08:03:11

_adam_
Member
From: Dora, Alabama
Registered: 2006-05-18
Posts: 94

Re: quick sshd configuration question

Actually, from the testing I have done, leaving sshd (4.6p1-4) at 0.0.0.0 doesn't bypass tcp_wrappers (7.6-6). At first I thought it was because denyhosts was adding bad IPs in hosts.deny but the crackers were still hammering away at my machine. It turned out to be a faulty configuration.

My solution for any other newbies out there: I learned that hosts_access files don't work like I thought they did. I had "sshd: ALL: ALLOW" (since I never know where I might be connecting from) in my /etc/hosts.allow file with denyhosts adding bad IPs in hosts.deny. My first impression was that tcp_wrappers checks hosts.allow and THEN checks hosts.deny, but I have since learned that's not true. If it finds a match in hosts.allow, it just lets it on through. My solution was simple enough though: Remove my sshd line from hosts.allow, then comment out the "ALL: ALL: DENY" line in hosts.deny and replace it with "ALL EXCEPT sshd: ALL: DENY". Now the crackers are stopped immediately after denyhosts scans the logs and adds the IP to hosts.deny.

Pudge wrote:

Now that you have ssh working, if you have multiple Linux computers on your home LAN, be sure to install sshfs and play around with it.  For a home network, sshfs is really cool.

Ha, I've actually been using ssh for a while, but I just recently realized I had left myself wide open for dict attacks. Luckily though no one ever got in thanks to a locked down sshd_config.
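The lookup order described in post #4, as an added example that is not part of the original thread: a simplified Python model of the hosts_access(5) decision (hosts.allow first, then hosts.deny, otherwise grant) run against the before and after rule sets. The addresses, the `vsftpd` daemon name and the denyhosts-style `sshd: <ip>` entry are constructed sample data, and only `ALL`, `EXCEPT`, literal addresses and a trailing `ALLOW`/`DENY` option are modelled.

```python
# Simplified model of the hosts_access(5) decision order. Handles only the ALL
# wildcard, EXCEPT, literal IPv4 addresses and a trailing ALLOW/DENY option.

def _in_list(spec, item):
    """True if item matches a list such as 'ALL EXCEPT sshd' or '203.0.113.7'."""
    head, _, excepted = spec.partition(" EXCEPT ")
    tokens = head.replace(",", " ").split()
    hit = "ALL" in tokens or item in tokens
    return hit and not (excepted and _in_list(excepted, item))

def _first_match(rules, daemon, client, default):
    """Return the verdict of the first matching rule, or None if none match."""
    for line in rules:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        if _in_list(fields[0], daemon) and _in_list(fields[1], client):
            option = fields[-1].upper() if len(fields) > 2 else ""
            return option if option in ("ALLOW", "DENY") else default
    return None

def check_access(hosts_allow, hosts_deny, daemon, client):
    """hosts.allow is searched first; a match there ends the search."""
    verdict = _first_match(hosts_allow, daemon, client, "ALLOW")
    if verdict is None:
        verdict = _first_match(hosts_deny, daemon, client, "DENY")
    return verdict or "ALLOW"  # no match in either file grants access

# Constructed sample data: BAD_IP stands for an address denyhosts has blocked.
BAD_IP = "203.0.113.7"
DENYHOSTS_ENTRY = f"sshd: {BAD_IP}"

# Before: the sshd line in hosts.allow matches first, so hosts.deny is never read.
before = check_access(["sshd: ALL: ALLOW"],
                      ["ALL: ALL: DENY", DENYHOSTS_ENTRY], "sshd", BAD_IP)

# After: no sshd line in hosts.allow; the catch-all deny skips sshd, so only the
# per-address entries apply to it.
after_deny = ["ALL EXCEPT sshd: ALL: DENY", DENYHOSTS_ENTRY]
after_bad = check_access([], after_deny, "sshd", BAD_IP)
after_other = check_access([], after_deny, "sshd", "198.51.100.20")
after_ftp = check_access([], after_deny, "vsftpd", "198.51.100.20")

if __name__ == "__main__":
    print(before, after_bad, after_other, after_ftp)
```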
