SSH AllowHosts directives - Unix


  1. SSH AllowHosts directives

    I'm trying to secure my system so that only LAN access to SSH is
    possible. I've read from numerous sources that this is achieved
    simply by adding an AllowHosts directive into the sshd_config file.

    So I added:

    AllowHosts 192.168.1.110

    Then when I restart the ssh daemon, it says:

    Bad configuration option: AllowHosts

    Can anyone explain why ssh doesn't recognize the AllowHosts
    directive? Do I have the syntax wrong somehow?


  2. Re: SSH AllowHosts directives

    In article Bill Marcum writes:
    $Perhaps it depends on the specific version of sshd, but I don't see
    $AllowHosts in the man page of sshd_config or ssh_config.

    Me neither. Typing "allowhosts" into Google turns up an answer:
    this is apparently a directive that can be used with ssh.com's ssh
    server, which is a commercial package and different from openssh.
    If the original poster is using openssh, that would explain it.

    If the goal is to allow hosts inside the firewall to connect via
    ssh and block hosts outside the firewall, it would be better to configure
    the firewall not to allow ssh connections from the outside world.
    But if you want to do it within sshd, or if you need finer granularity
    than your firewall can provide (e.g. if you want to allow only certain
    internal hosts while blocking others), you might use a Match Address
    directive so that you can apply different settings (e.g. AllowUsers *
    for your internal network or DenyUsers * for the rest of the world),
    or wrap sshd with tcp_wrappers (but see the sshd man page for a warning
    about efficiency in this case).
    --
    Stephen M. Dunn
    >>>----------------> http://www.stevedunn.ca/ <----------------<<<

    ------------------------------------------------------------------
    Say hi to my cat -- http://www.stevedunn.ca/photos/toby/
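The Match Address approach suggested in the reply above, written out as an added sshd_config fragment (not part of either post). It assumes the LAN is 192.168.1.0/24 and an OpenSSH version whose sshd_config(5) lists DenyUsers among the keywords allowed after Match; the user name and the outside address in the check commands are constructed.

```conf
# /etc/ssh/sshd_config (fragment): constructed example, not from the thread.
# Assumption: the LAN is 192.168.1.0/24; substitute the real subnet.

# There is no AllowHosts line here: OpenSSH's sshd rejects it with
# "Bad configuration option: AllowHosts", as the original poster saw.

# Keep Match blocks at the end of the file. Each block applies until the
# next Match line or the end of the file, so any global setting placed
# after it would silently become part of the block.

# A pattern list made only of negated entries never matches anything,
# so the list starts with "*" and then carves the LAN back out.
Match Address *,!192.168.1.0/24
    DenyUsers *

# Alternative without a Match block (use one approach, not both):
# restrict logins to users connecting from the LAN via USER@HOST patterns.
# Check sshd_config(5) on your version for CIDR support in the HOST part.
# AllowUsers *@192.168.1.0/24

# Checks to run before restarting sshd, from a session you will not lose:
#   sshd -t
#       Syntax check only; exits non-zero on a bad option.
#   sshd -T -C user=alice,host=client,addr=192.168.1.110 | grep -i denyusers
#   sshd -T -C user=alice,host=client,addr=203.0.113.7   | grep -i denyusers
#       Dumps the effective settings for a simulated connection. A
#       denyusers line should appear only for the outside address.
```

Connections from outside the subnet still reach sshd and are refused at authentication time, so this complements the firewall rule recommended in the reply rather than replacing it.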
