[nycbug-talk] ssh config question

Mikel King mikel.king
Mon Oct 3 11:34:13 EDT 2005


On Oct 3, 2005, at 11:15 AM, Steve Rieger wrote:

>
> On Oct 3, 2005, at 11:09 AM, Mikel King wrote:
>
>
>>
>> On Oct 3, 2005, at 11:01 AM, Steve Rieger wrote:
>>
>>
>>
>>> hi all
>>>
>>> among the many options is there a way i can tell sshd_config to  
>>> only allow connections from a certain ip address.
>>>
>>>
>>>
>>
>> IPFW... or some other firewally type method is probably the best  
>> way...
>>
>
> i do not want to start up a firewall if there is any other way.
>
> is there no accept from like there is in postfix for relay ?
>


There is this form the man page...

      HostbasedAuthentication
              Specifies whether rhosts or /etc/hosts.equiv  
authentication
              together with successful public key client host  
authentication is
              allowed (hostbased authentication).  This option is  
similar to
              RhostsRSAAuthentication and applies to protocol version  
2 only.
              The default is ``no''.

      HostKey
              Specifies a file containing a private host key used by  
SSH.  The
              default is /etc/ssh_host_key for protocol version 1, and
              /etc/ssh_host_rsa_key and /etc/ssh_host_dsa_key for  
protocol ver-
              sion 2.  Note that sshd will refuse to use a file if it is
              group/world-accessible.  It is possible to have  
multiple host key
              files.  ``rsa1'' keys are used for version 1 and  
``dsa'' or
              ``rsa'' are used for version 2 of the SSH protocol.


Cheers,
Mikel King
Optimized Computer Solutions, INC
Tech Alliance, INC
39 West Fourteenth Street
Second Floor
New York, NY 10011
http://www.ocsny.com
http://www.techally.com
t: 212.727.2100x132
+------------------------------------------+
How do you spell cooperation? Pessimists use
each other, but optimists help each other.
Collaboration feeds your spirit, while
competition only stokes your ego. You'll
find the best way to get along.
+------------------------------------------+







More information about the talk mailing list