Date: Fri, 18 Apr 2008 11:15:58 +0200 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Cc: Gilles <gilles.ganault@free.fr> Subject: Re: [SSHd] Limiting access from authorized IP's Message-ID: <200804181115.59498.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com> References: <2tng04doovnmtkr7or9kfkb596fgjfoj1c@4ax.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 18 April 2008 10:51:45 Gilles wrote:
> 1. I'd like to limit connections from the Net only from specific IP's.
> It seems like there are several ways to do it (/etc/hosts.allow,
> AllowHosts/AllowUsers, TCP-wrapper, port-knocking, etc.). Which would
> you recommend?
hosts.allow == TCP wrapper.
I recommend firewall, with hosts.allow backup. In the event the firewall gets
disabled, hosts.allow takes over.
Note though, that with setups like this, you will have to call someone to add
your IP to the lists, when your IP changes or you're on a location you didn't
think you'd need access from.
I personally prefer sshd to be world accessible and block scans, since I
consider being locked out of the machines a security risk as well...
> 2. Although it's up and running, I can't find SSHd in the list of
> installed apps:
>
> $ which sshd
>
> /usr/sbin/sshd
It's not a port, comes with the base system.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200804181115.59498.fbsd.questions>