[TriLUG] Limit ssh access

Kevin Hunter khunter at rhoworld.com
Tue Jan 22 09:20:17 EST 2002


I'm seeing a lot of conflicting tips on the net on how to limit who
can ssh into my linux ( RH 7.2 ) box.  Maybe it's my general level of
inexperience, but there doesn't seem t/b a consensus on this.  I've
read that I should use tcp_wrapper, and that I cannot use tcp_wrapper
( I start sshd through a rc.d script, not from inetd/xinetd ).  I've
seen reference to use "AllowGroups/AllowUsers" in the sshd_config
file and I've seen comments that you can't use this w/ any version of
openssh after 1.2 ( I have openssh 2.9p2-7 ).

I would greatly appreciate a recommendation from one of the seasoned
professionals on this list.

Does tcp_wrapper only work w/ daemons started w/in the inetd/xinetd
framework, or will it work w/ other tcp services started from
/etc/rc.d/init.d/ ??

Thx!!

KH




More information about the TriLUG mailing list