On Sunday 09 September 2001 03:19 am, eric.draven@aon.at wrote:
Hi all,
I have the following problem: I use a dialup-connection at home and want to grant SSH-access to our company server, but (of course) only for my IP. So I registered some dynamic DNS-service and applied the host "xxx.ath.cx".
So the original rule of:
ipchains -I input 1 -j ACCEPT -l -p tcp -i eth0 -s xxx.ath.cx -d dst 22
is translated to: (ipchains -L)
target     prot opt     source                                destination   ports
ACCEPT     tcp  ----l-  L0099P99.dipool.highway.telekom.at    dst           any ->   ssh
which is not really what I want.. :/
Is there any solution? Deleting and re-inserting these rules every minute via crontab is something I would not really like to do..

Your ipchains is using the reverse DNS (which is all it can get).

SSH is such that it is somewhat overkill to further limit who gets in based on IP. If you need to limit ssh to a specific subset of users, why not change the file ssh in the /etc/pam.d directory by adding (it should not be wrapped like it probably appears below):

auth required /lib/security/pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=succeed

I haven't tried this yet, but I will. Theoretically it would limit ssh users to the list of names found in /etc/sshusers.

__________________________________________
J.Andersen
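
Added example (not part of the original thread or of J.Andersen's message): a shell check for the pam_listfile line suggested above. The function name `check_listfile` and the finding labels are made up for this example; it relies on the documented meaning of `onerr=succeed`, where the module returns success when the list file cannot be used.

```shell
#!/bin/sh
# Added example: audit one pam_listfile line from /etc/pam.d/<service>.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
check_listfile() {
    line=$1 file='' onerr='' rc=0
    set -f                          # no globbing while splitting the line
    for tok in $line; do
        case $tok in
            file=*)  file=${tok#file=} ;;
            onerr=*) onerr=${tok#onerr=} ;;
        esac
    done
    set +f
    # onerr=succeed: a missing or unreadable list makes the module return
    # success, so the allow-list silently stops restricting anyone.
    if [ "$onerr" = succeed ]; then
        echo "FAIL-OPEN onerr=succeed"
        rc=1
    fi
    if [ -z "$file" ] || [ ! -f "$file" ]; then
        echo "MISSING ${file:-<no file= argument>}"
        rc=1
    elif [ -n "$(find "$file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        # Anyone who can write the list can add their own user name to it.
        echo "WRITABLE $file"
        rc=1
    fi
    return $rc
}

# Demo on the line from the reply above; /etc/sshusers may not exist here.
check_listfile 'auth required /lib/security/pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=succeed' || true
```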