Denyhosts is adding some IPs to the hosts.deny file as expected. However, these IPs are still allowed to access ssh.
I've tried adding my own IP address to the file, but I could still access ssh and log in, etc. I've also tested with other people and none of them was blocked. My hosts.allow file is empty and my hosts.deny is in the following form:
ALL: xxx.xxx.xxx.xxx
The only way to block access to ssh is adding this line to hosts.deny:
ALL: ALL
Thanks in advance for any help.
Offline
Read up...
Offline
I've read it before posting. What am I missing?
Offline
what am i missing?
15.2.3.2. Access Control
Option fields also allow administrators to explicitly allow or deny hosts in a single rule by adding the allow or deny directive as the final option.
For instance, the following two rules allow SSH connections from client-1.example.com, but deny connections from client-2.example.com:
sshd : client-1.example.com : allow
sshd : client-2.example.com : deny
By allowing access control on a per-rule basis, the option field allows administrators to consolidate all access rules into a single file: either hosts.allow or hosts.deny. Some consider this an easier way of organizing access rules.
Maybe you could try this? Or maybe double-check this...
If the last line of a hosts access file is not a newline character (created by pressing the [Enter] key), the last rule in the file will fail and an error will be logged to either /var/log/messages or /var/log/secure. This is also the case for rule lines that span multiple lines without using the backslash.
In other words, press 'enter' twice after you enter the last rule.
Last edited by jacko (2008-02-13 16:08:02)
Offline
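The two checks quoted in the post above (a missing final newline, and a rule wrapped across lines without a backslash), plus the allow/deny option field, as an added example that is not part of the original thread. The function names and the sample file are made up for illustration; matching covers only literal names and ALL within a single file, and IPv6 entries are not handled.

```python
import re

def parse_rules(text):
    """Parse hosts.allow/hosts.deny text; return (rules, findings)."""
    rules, findings = [], []
    if text and not text.endswith("\n"):
        findings.append("no newline at end of file: the last rule will fail")
    pending, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not pending:
            start = n                       # first physical line of this rule
        if raw.endswith("\\"):              # rule continues on the next line
            pending += raw[:-1] + " "
            continue
        line, pending = (pending + raw).strip(), ""
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0] or not fields[1]:
            findings.append(f"line {start}: not 'daemons : clients' "
                            "(rule split across lines without a backslash?)")
            continue
        last = fields[-1].lower()
        rules.append({
            "line": start,
            "daemons": re.split(r"[\s,]+", fields[0]),
            "clients": [c for c in re.split(r"[\s,]+", fields[1]) if c],
            # allow/deny as the final option decides the rule explicitly
            "action": last if len(fields) > 2 and last in ("allow", "deny") else None,
        })
    return rules, findings

def first_match(rules, daemon, client):
    """First rule naming this daemon and client (literal names or ALL only)."""
    for r in rules:
        if {daemon, "ALL"} & set(r["daemons"]) and {client, "ALL"} & set(r["clients"]):
            return r
    return None

# Constructed sample: a client list wrapped without a backslash, no final newline.
SAMPLE = ("sshd : client-1.example.com : allow\n"
          "sshd : client-2.example.com : deny\n"
          "sshd : 192.0.2.10,\n"
          "       192.0.2.11\n"
          "ALL: 198.51.100.7")

if __name__ == "__main__":
    rules, findings = parse_rules(SAMPLE)
    for f in findings:
        print("WARN", f)
    print(first_match(rules, "sshd", "client-2.example.com"))
```

On the sample it warns about the missing final newline and about line 4, and shows that 192.0.2.11 is not covered by any rule because of the unescaped line wrap.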
I've tried the two things you suggested without success.
Any other ideas?
Thanks for your help.
Offline
Did you check the logs? Probably the next place to start, logically.
Offline
I don't know if this will fix your problem or not, but it's worth a try.
I have found that if you leave the following line in /etc/ssh/sshd_config at the default value of:
ListenAddress 0.0.0.0
in some cases this will cause tcpwrapper to ignore any commands in ssh, hosts.deny, and hosts.allow.
I always set ListenAddress to the local static IP address assigned to eth0 for that computer. In other words, you are telling the sshd Daemon to only listen for incoming messages with the IP address of this computer, and ignore any incoming messages with any other IP address. I set it as follows:
ListenAddress 192.168.0.X
Here is a tutorial I wrote on SSH and SSHFS that could possibly give you some other things to try.
HTH
Pudge
Offline