[rescue] SGI fw_sshd and security

Meelis Roos mroos at linux.ee
Fri Mar 5 11:39:26 CST 2004

> In any case, I'd certainly like to restrict the IP addresses from whic I'll
> accept connections, as there are certain parts of the world I'd prefer _had_
> no IP addresses, since all I get from there is crap.
> So ... how do I do this?

1. If your sshd has been compiled with tcp_wrappers supprt, just use
hosts.dallow/hosts.deny. This seems pretty secure since the IP matching
is done before any protocol parsing.

2. Use your favourite firewall rules to select which IP-s can/cannot
access port 22 on your SGI.

Meelis Roos (mroos at linux.ee)

More information about the rescue mailing list