
[cobalt-security] ssh_config file and the "Host *" directive



Hi,

This may seem like a no-brainer, but I thought I'd
ask just so I don't find myself locked out in a few
days since telnet is removed from my systems.

With OpenSSH 2.9, in the /etc/ssh/ssh_config file,
regarding the " Host * " entry - how should this be
coded properly to only allow connections from a given
ISP? 

For example, if I'm using a Mindspring/Earthlink DSL
connection to connect to my boxes, should I just enter
this as:

    Host mindspring.com

--or-- would it be:

    Host .mindspring.com

What if Mindspring one day (for some reason) started
routing my connections via Earthlink - can I have
*two* entries on this line (one as a fall-back)? Same
regarding an IP that doesn't resolve back to
Mindspring/Earthlink correctly? I see this
occasionally with customers out West using Pacific
Bell as their ISP.. (regarding my hosts.allow file, my
hosts.deny file is set up to deny ALL connections
unless specified in hosts.allow). Sometimes a PB
customer's connection tries to connect only with an
IP, and a connection doesn't resolve back correctly as
.pacbell.net (which is permitted via the hosts.allow
file).

Just covering my bases before something ugly creeps up
from my tweaking around.

Thanks!
Scott
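
Added example, not part of the original post: a small Python model of the hosts_access(5) client patterns mentioned above, showing why a client whose address has no reverse DNS name fails a `.pacbell.net`-style rule and how several patterns can sit side by side as fall-backs. The addresses, host names and the names `wrapper_match`, `allowed` and `decisions` are constructed for illustration; the model assumes every rule applies to sshd and handles no wildcard other than ALL.

```python
import ipaddress

def wrapper_match(pattern, client_ip, client_name):
    """Model of the hosts_access(5) client pattern forms used in this example.

    client_name is None when the reverse DNS lookup for client_ip failed.
    """
    pat = pattern.lower()
    if pat == "all":
        return True
    if pat.startswith("."):   # domain suffix, e.g. ".pacbell.net": needs a resolved name
        return client_name is not None and client_name.lower().endswith(pat)
    if pat.endswith("."):     # address prefix, e.g. "203.0.113."
        return client_ip.startswith(pat)
    if "/" in pat:            # net/mask, e.g. "203.0.113.0/255.255.255.0"
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pat, strict=False)
    return pat == client_ip or (client_name is not None and pat == client_name.lower())

def allowed(allow, deny, client_ip, client_name):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if any(wrapper_match(p, client_ip, client_name) for p in allow):
        return True
    if any(wrapper_match(p, client_ip, client_name) for p in deny):
        return False
    return True

# Constructed sample clients: (address, reverse DNS name or None if lookup failed)
CLIENTS = [
    ("203.0.113.7", "adsl-7.dsl.pacbell.net"),
    ("203.0.113.9", None),
    ("198.51.100.4", "user4.dsl.earthlink.net"),
]
DENY = ["ALL"]
NAME_ONLY = [".pacbell.net", ".mindspring.com", ".earthlink.net"]
WITH_FALLBACK = NAME_ONLY + ["203.0.113.0/255.255.255.0"]

def decisions(allow):
    """Allow/deny verdict for each sample client under the given hosts.allow patterns."""
    return [allowed(allow, DENY, ip, name) for ip, name in CLIENTS]

if __name__ == "__main__":
    print("name patterns only:    ", decisions(NAME_ONLY))
    print("with address fall-back:", decisions(WITH_FALLBACK))
```

`Host` blocks in ssh_config are matched against the destination name given to the ssh client, so inbound filtering of this kind belongs in hosts.allow/hosts.deny or the sshd configuration.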
