[nflug] ssh time/warner

Mark Musone mmusone at shatterit.com
Wed Nov 14 09:32:57 EST 2007


That's not true. It shouldn't fail via reverse DNS checks (ssh doesn't
verify reverse DNS, at least not by default).
The key is not ip based, hence the whole point of ssh. It's certificate
based, not ip based.
Hosts.allow does not come into play, as hosts.allow is only used by tcpd, the
tcp wrapper. sshd typically runs as its own daemon (although you can run
it under inetd (why would you want to do that??)).

I use sshd with dynamic DNS all the time at home (granted, it's behind a NAT
router, so the actual internal machine IP never changes).

Mark



-----Original Message-----
From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of
Cyber Source
Sent: Wednesday, November 14, 2007 8:55 AM
To: nflug at nflug.org
Subject: Re: [nflug] ssh time/warner

I'm not sure that's going to do what he wants (correct me if I'm wrong), 
as it will fail when it checks via reverse dns, even if it was mapped to 
another box, if it's not static somewhere, the key will fail when the IP 
changes. I believe he wants to limit the connections available for ssh 
using his /etc/hosts.allow file. The best way I've found is to go with a 
broad range like "69.71.", as the first 2 octets will probably never 
change. He's just looking for the range(s) that they may use locally 
here. I'm not sure myself. When it was Adelphia, you could always count 
on 24., now with TW, I see all sorts, 69., 71, etc.

Robert Wolfe wrote:
> Well, I usually use dyndns.org to handle all of that for me :)  I have 
> a Windows Server 2003 box running the DynDns.org update client (the 
> same machine that my BBS runs on) and it works perfectly (granted my 
> Linux server runs in a VMWare box <G>).
>
> eric wrote:
>> I'd like to cut down the possible network connections over the 
>> internet for access to a ssh server.
>> I can't afford a static IP so I was wondering if anyone knew the range 
>> of internet IPs handed out to users from time/warner ...I'm pretty 
>> sure my DNS servers are coming from Lackawanna?
>>
>> Thanks in advance,
>> Eric
>> _______________________________________________
>> nflug mailing list
>> nflug at nflug.org
>> http://www.nflug.org/mailman/listinfo/nflug