On a FreeBSD server, I have a hosts.allow and a hosts.equiv, but no hosts.deny file. Does FreeBSD not use the deny file? If it does, can I make the file myself or does it have to be generated by something?

I'm doing this to limit SSH access to our main office on a remote server. I tested it out on an Ubuntu server here. Do these files behave the same way on FreeBSD? I.e., can I do this on the FreeBSD machine to limit SSH to just my office IP address?

sshd: <ip address> #this is in the hosts.allow file
sshd: ALL #this is in the deny file

I obviously want to make sure this gets done right the first time, since it's remote and it would be a headache if I locked myself out of the machine. Thanks for input.

Safado

2 Answers

Don't touch those files. Instead, use your firewall rules to allow and deny IP addresses and/or hosts. Yes, you can create the hosts.deny and it will work. Don't do it. Use the firewall.

You are using a firewall, aren't you? I like ipfilter best.

Bob Dog
  • Yeah, pf.conf. Editing the hosts files is the much easier route. However, you're not the first person I've seen that has said to use the firewall instead of hosts... Is there a logical reason behind this, or is this just preference? Am I any less secure using the hosts files? Thanks. – Safado Mar 09 '11 at 17:12
  • Edit: You're right. I still don't have a logical reason why, but right in the default hosts.allow file they strongly recommend not using the host files for sshd. Thanks. – Safado Mar 09 '11 at 17:23

FreeBSD uses a combined hosts.allow / deny format -- you can see an example here of how to do both: http://lists.freebsd.org/pipermail/freebsd-questions/2007-January/139712.html

Kem Mason
  • Ah, this is the text inside the default hosts.allow file... guess I should have just read it! Thanks! – Safado Mar 09 '11 at 17:19
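
The combined allow/deny format mentioned in the answer above is evaluated first match wins, so rule order decides whether a remote change locks you out. The following is an added example, not code from the thread or from FreeBSD: a simplified Python model of that evaluation, where the `decide` function, the rule sets and the documentation-range addresses (203.0.113.10 standing in for the office) are all constructed for illustration.

```python
# Added example: simplified first-match model of the combined hosts.allow
# format (daemon : client : allow|deny). IPv4 literals, "ALL" and trailing-dot
# prefixes only; hostnames, netmasks, EXCEPT and IPv6 are not modelled.

# Constructed rule sets. 203.0.113.10 is a stand-in for the office address.
CATCH_ALL_FIRST = """\
ALL : ALL : allow
sshd : 203.0.113.10 : allow
sshd : ALL : deny
"""

RESTRICTED = """\
# specific rules first, catch-all last
sshd : 203.0.113.10 : allow
sshd : ALL : deny
ALL : ALL : allow
"""


def _client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # network prefix such as "192.0.2."
        return ip.startswith(pattern)
    return pattern == ip


def decide(rules, daemon, client_ip):
    """Return (verdict, rule) for the first matching rule, else (None, None)."""
    for raw in rules.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if not any(d in ("ALL", daemon) for d in daemons):
            continue
        if any(_client_matches(c, client_ip) for c in clients):
            # A matching rule with no explicit "deny" option grants access.
            return ("deny" if "deny" in fields[2:] else "allow"), line
    return None, None


if __name__ == "__main__":
    for name, rules in (("catch-all first", CATCH_ALL_FIRST), ("restricted", RESTRICTED)):
        for ip in ("203.0.113.10", "198.51.100.7"):
            print(name, ip, decide(rules, "sshd", ip))
```

On the server itself, `tcpdmatch sshd <ip address>` asks the same question of the real file, and keeping an existing SSH session open while testing a new connection avoids a lockout.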