[nycbug-talk] Re: OpenSSH and hosts.allow/hosts.deny

csnyder chsnyder
Sun Nov 7 17:15:37 EST 2004

On Sat, 6 Nov 2004 21:59:39 -0500, a nice bug <nycbug at hastek.com> wrote:
> G. Rosamond:
> > A few weeks ago, Chris asked it you could explicitly block or allow by
> > ip for OpenSSH.

Really, my question was whether you can block or allow IP addresses by
login class, when the login is processed by sshd.

The goal was to disallow ssh login from external IPs for students
only. Instructors and administrators would still be allowed to connect
from anywhere.

It's certainly not a show-stopper, since students are given an scponly
shell. I could use a custom port and block it at the firewall. But
since there's already this handy login class mechanism I was surprised
to find that FreeBSD's port of OpenSSH didn't respect it.

More information about the talk mailing list