[nflug] ssh time/warner
eric
eric at bootz.us
Wed Nov 14 11:47:37 EST 2007
right, can't hurt, I'll just get denied.
Cyber Source wrote:
> Eric should check his ssh/dns settings, I saw that start with ssh on
> Fedora and then Ubuntu. I remember Jesse having an issue with exactly
> this. And after this response, I checked on the server that he was
> having an issue with and in the /etc/hosts.allow file, I see his
> dyndns entry commented and his IP put below it, hence the resolution
> to the problem we were having when it was based on his dynamic dns. I
> don't recall exactly why but I believe it was because reverse dns was
> at play. Anywho, Eric can give it a try and see how it goes.
>
> Mark Musone wrote:
>> That's not true. It shouldn't fail via reverse DNS checks (ssh doesn't
>> verify reverse DNS, at least not by default).
>> The key is not ip based, hence the whole point of ssh. It's certificate
>> based, not ip based.
>> Hosts.allow does not come into play, as hosts.allow is only used by tcpd,
>> the tcp wrapper. sshd typically runs as its own daemon. (although you can
>> run it under inetd (why would you want to do that??) )
>>
>> I use sshd with dynamic dns all the time at home (granted, it's behind a
>> nat router, so the actual internal machine ip never changes).
>>
>> Mark
>>
>>
>>
>> -----Original Message-----
>> From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of Cyber Source
>> Sent: Wednesday, November 14, 2007 8:55 AM
>> To: nflug at nflug.org
>> Subject: Re: [nflug] ssh time/warner
>>
>> I'm not sure that's going to do what he wants (correct me if I'm
>> wrong), as it will fail when it checks via reverse dns, even if it
>> was mapped to another box, if it's not static somewhere, the key will
>> fail when the IP changes. I believe he wants to limit the connections
>> available for ssh using his /etc/hosts.allow file. The best way I've
>> found is to go with a broad range like "69.71.", as the first 2
>> octets will probably never change. He's just looking for the range(s)
>> that they may use locally here. I'm not sure myself. When it was
>> Adelphia, you could always count on 24., now with TW, I see all
>> sorts, 69., 71, etc.
>>
>> Robert Wolfe wrote:
>>
>>> Well, I usually use dyndns.org to handle all of that for me :) I
>>> have a Windows Server 2003 box running the DynDns.org update client
>>> (the same machine that my BBS runs on) and it works perfectly
>>> (granted my Linux server runs in a VMWare box <G>).
>>>
>>> eric wrote:
>>>
>>>> I'd like to cut down the possible network connections over the
>>>> internet for access to a ssh server.
>>>> I can't afford a static ip so I was wondering if anyone knew the
>>>> range of internet IPs handed out to users from time/warner ...I'm
>>>> pretty sure my DNS servers are coming from Lackawanna?
>>>>
>>>> Thanks in advance,
>>>> Eric
>>>> _______________________________________________
>>>> nflug mailing list
>>>> nflug at nflug.org
>>>> http://www.nflug.org/mailman/listinfo/nflug
>>>>
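
The pattern forms discussed in this thread (a dynamic DNS name, a literal IP, and a broad prefix such as "69.71."), as an added example that is not part of the original messages: a simplified Python model of a subset of the client patterns documented in hosts_access(5). It assumes the daemon actually consults /etc/hosts.allow through TCP wrappers; the addresses, PTR name and dynamic DNS name are constructed.

```python
import ipaddress

def client_matches(pattern, addr, ptr_name=None):
    """Evaluate one hosts.allow client pattern (subset of hosts_access(5)).

    addr: peer IPv4 address as text.
    ptr_name: name returned by a reverse lookup of addr, or None if no PTR.
    """
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "69.71." matches on the leading octets
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 69.71.0.0/255.255.0.0
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    if pattern == addr:            # exact address
        return True
    # Anything else is a host name pattern. It is compared with the name the
    # reverse lookup produced; the pattern is not resolved forward to an address.
    if ptr_name is None:
        return False
    name, pat = ptr_name.lower(), pattern.lower()
    return name.endswith(pat) if pat.startswith(".") else name == pat

def prefix_size(pattern):
    """Number of IPv4 addresses admitted by a trailing-dot prefix pattern."""
    octets = pattern.rstrip(".").split(".")
    return 256 ** (4 - len(octets))

# Constructed sample data: address, PTR name and dynamic DNS name are made up.
CLIENT_ADDR = "69.71.10.20"
CLIENT_PTR = "cpe-69-71-10-20.isp.example"   # what the ISP's reverse zone returns
DYNDNS_NAME = "myhost.dyndns.example"        # forward record only

if __name__ == "__main__":
    for pat in (DYNDNS_NAME, CLIENT_ADDR, "69.71.",
                "69.71.0.0/255.255.0.0", ".isp.example"):
        print(f"{pat:24} -> {client_matches(pat, CLIENT_ADDR, CLIENT_PTR)}")
    print("addresses admitted by '69.71.':", prefix_size("69.71."))
```

The dynamic DNS name does not match because the reverse lookup of a residential address returns the ISP's name, while the two-octet prefix matches at the cost of admitting 65536 addresses.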