[rescue] SGI fw_sshd and security
mroos at linux.ee
Fri Mar 5 11:39:26 CST 2004
> In any case, I'd certainly like to restrict the IP addresses from whic I'll
> accept connections, as there are certain parts of the world I'd prefer _had_
> no IP addresses, since all I get from there is crap.
> So ... how do I do this?
1. If your sshd has been compiled with tcp_wrappers supprt, just use
hosts.dallow/hosts.deny. This seems pretty secure since the IP matching
is done before any protocol parsing.
2. Use your favourite firewall rules to select which IP-s can/cannot
access port 22 on your SGI.
Meelis Roos (mroos at linux.ee)
More information about the rescue