Amish Rughoonundon wrote: > I was looking at my auth.log file and I saw a bunch of these things: > Nov 28 16:22:41 localhost sshd[11363]: Illegal user nobody from > 212.0.148.2 > > I was wondering if there is a way to filter the ip allowed to access > the computer and allow only 1 ip (mine) to do so. Thanks a lot,
Sure! You could set up a firewall (iptables), but tcpwrappers is probably easier. On the server, put this line into /etc/hosts.allow : sshd: 1.2.3.4 (of course, replace 1.2.3.4 with the IP of the computer you want to permit to log in) and this line into /etc/hosts.deny : sshd: ALL When a new connection attempt is made, the ssh daemon will first check hosts.allow to see if the host is permitted. Hence your client system will be allowed to log in. If the host isn't listed in hosts.allow, sshd next checks hosts.deny to see if the host is forbidden. Since that file has the entry "ALL", all other hosts will be rejected. The man page for hosts_access(5) has more information. By the way, you can replace the daemon name "sshd" with "ALL" in both config files, to make this behavior occur for all daemons on the server that use tcpwrappers. regards, -- Kevin B. McCarty <[EMAIL PROTECTED]> Physics Department WWW: http://www.princeton.edu/~kmccarty/ Princeton University GPG: public key ID 4F83C751 Princeton, NJ 08544 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
