[CentOS] ssh attack
Steve Bergman
steve at rueb.com
Mon Feb 13 23:13:27 UTC 2006
John Merritt wrote:
>
> I tried to secure ssh better by putting in an AllowUsers line in
> sshd_config. Then I thought tcp wrappers and just putting in my own
> addresses in /etc/hosts.allow would be even better, until I found out
> that all mail to my email server would be rejected.
>
There should be no problem here. Just disallow everything in
/etc/hosts.deny and then enable particular ip addresses for sshd. And
also enable the appropriate addresses for other services that you want
to be available to various IP addresses. You can use the word ALL to
indicate no restriction. e.g.:
sendmail:ALL
man hosts.allow should get you the information that you need.
But if you are remote to the machine, be careful you don't lock yourself
out!
-Steve
More information about the CentOS
mailing list