S.D.Allen wrote: > Greetings; > > I can seem to figure out which config file to edit and what to enter > to allow only hosts on the LAN to connect via SSH. I'll have the box > in question available to the entire Internet and want to disable > global access to SSH. Presently I'm using password authentication, and > would prefer to keep it this way, as opposed to allowing access via > trusted key.
Is the system dual homed? If so then you can pretty easily configure SSH to only listen on the internal interface, in /etc/ssh/sshd_config put ListenAddress <IP address of internal interface> and restart sshd Otherwise you can add an iptables rule to block inbound ssh access unless it comes from your LAN. The above is easier though. nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
