Hi everyone, I have set up a Debian/sarge webserver. To tighten security more I want to restrict ssh (putty) access to the server. Only 3 IP addresses are allowed to connect to the server with ssh. The problem is that every howto I apply to the server is completely ignored by the server. I have tried to set up my /etc/hosts.allow and /etc/hosts.deny but nothing works. Even having an empty hosts.allow file and only "sshd: ALL" in my hosts.deny file is still giving me access with ssh (putty). Is there something I missed in the configuration? If anybody could help me out here I would be very thankful. Rgds Edo
I don't know why it won't work for you. But when I tried this with my Debian web server it did work. Anyway, on my other server, I installed a Shorewall firewall, and there I restricted the IP addresses that can access my server remotely through SSH and I don't have to configure anything in my hosts.allow/deny files.
hmmm.... hmmm... So this should work on Debian/sarge. Strange. I already have a firewall installed on the system and I don't want to mess with it too much so I thought this would be better. Thanks for the response anyway. Rgds Edo
file content Hi Falco, I have done some additional reading and found the setup that I have now put in my /etc/hosts.allow file:
    sshd : 127.0.0.1 : allow
    sshd : 10.0.0.10 : allow
    sshd : 10.0.0.15 : allow
    sshd : ALL : deny
My /etc/hosts.deny file is empty (just some comments from the original Debian installation). But this is still not working. I have installed this installation with a Debian backport image of kernel 2.6. From here http://mirror.home-dn.net/d-i/ -> sarge-custom-1008.iso Then I followed the perfect Debian setup and the ispconfig setup. There were no errors, everything went very smoothly. Could it be a kernel/portmapper thing? Thanks for the interest by the way. Rgds Edo
yes Well, I was not sure if sshd read the configuration or something else did. To be sure I just rebooted the whole server. After every change I made in my hosts.allow or deny file I rebooted the whole server just to be sure. And just to be sure I just did:
    /etc/init.d/ssh force-reload
    /etc/init.d/ssh restart
But it is still not working. Thanks for the advice though. Are there some tests I could do to determine the problem?
Try
    sshd: *
in /etc/hosts.deny and
    sshd: 127.0.0.1
    sshd: 10.0.0.10
    sshd: 10.0.0.15
in /etc/hosts.allow.