[HPADM] Re: HP-UX SSH
From: Jorge Fábregas (fabregasj_at_prtc.net)
To: hpux <firstname.lastname@example.org> Date: Wed, 13 Apr 2005 18:51:53 -0400
On Wednesday 13 April 2005 6:31 pm, Stephanie Chung wrote:
> I installed hp-ux ssh to replace telnet and it's
> running fine. My question is how to allow only IP
> range 198.152.*.* to access the SSH and restrict other
> IPs. Since HP-UX ssh is running its own daemon
> (/opt/ssh/sbin/sshd) and not using ‘inetd’, put the
> restriction in ‘inetd.sec’ won’t help. Thanks you for
> your help.
You need to run the ssh daemon thru inetd. Do the following:
1- Stop the ssh daemon
2- Make sure it won't start on machine startup by
Change SSHD_START=1 to 0
3- Modify /etc/inetd.conf to enable ssh. You must use the "-i" switch in order
to allow it to run thru inetd. I have the following line on my inetd.conf
ssh stream tcp nowait root /usr/sbin/sshd sshd -i
4- Modify /var/adm/inetd.sec accordingly. Something like:
ssh allow 172.16.0.10
Now you can get the ip filtering benefits provided by inetd.
Of course, this is one scenario. You can still use IPFILTER if you want (and
keep running SSHD stand-alone).
-- ---> Please post QUESTIONS and SUMMARIES only!! <--- To subscribe/unsubscribe to this list, contact email@example.com Name: firstname.lastname@example.org Owner: email@example.com Archives: ftp.dutchworks.nl:/pub/digests/hpux-admin (FTP, browse only) http://www.dutchworks.nl/htbin/hpsysadmin (Web, browse & search)