[HPADM] [SUMMARY] HP-UX SSH

From: Stephanie Chung (stepchung_at_yahoo.com)
Date: 04/14/05

    Date: Thu, 14 Apr 2005 08:53:06 -0700 (PDT)
    To: hpux <hpux-admin@dutchworks.nl>
    
    

    Thanks to:

    Jeff Fisher
    Eef Hartman
    Erik Platzbecker
    Carlos Montana
    ramill@wm.edu
    Jorge Fábregas
    and Others...

    ORIGINAL QUESTION:
    I installed HP-UX ssh to replace telnet and it's
    running fine. My question is how to allow only the IP
    range 198.152.*.* to access SSH and restrict other
    IPs. Since HP-UX ssh is running its own daemon
    (/opt/ssh/sbin/sshd) and not using 'inetd', putting the
    restriction in 'inetd.sec' won't help. Thank you for
    your help.

    SOLUTION:
    This is from Jorge Fábregas:
    You need to run the ssh daemon thru inetd. Do the
    following:
    1- Stop the ssh daemon
    2- Make sure it won't start on machine startup by
    editing /etc/rc.config.d/sshd
       Change SSHD_START=1 to 0
    3- Modify /etc/inetd.conf to enable ssh. You must use
    the "-i" switch in order to allow it to run thru
    inetd. I have the following line on my inetd.conf
    ssh stream tcp nowait root /usr/sbin/sshd sshd -i
    4- Modify /var/adm/inetd.sec accordingly. Something
    like: ssh allow 172.16.0.10
    etc...
    Now you can get the ip filtering benefits provided by
    inetd. Of course, this is one scenario. You can still
    use IPFILTER if you want (and keep running SSHD
    stand-alone).
    -----------------------------------------------------
    Use tcp wrappers with /etc/hosts.deny, /etc/hosts.allow.


    --
                 ---> Please post QUESTIONS and SUMMARIES only!! <---
            To subscribe/unsubscribe to this list, contact majordomo@dutchworks.nl
           Name: hpux-admin@dutchworks.nl     Owner: owner-hpux-admin@dutchworks.nl
     
     Archives:  ftp.dutchworks.nl:/pub/digests/hpux-admin       (FTP, browse only)
                http://www.dutchworks.nl/htbin/hpsysadmin   (Web, browse & search)
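The summary above relies on inetd.sec to decide which clients may reach the ssh service once sshd runs under inetd. The following is an added example, not code from the thread or from HP-UX: a small POSIX-shell checker that evaluates an inetd.sec-style rule set ("service allow|deny address ...") against a client address, so an administrator can dry-run a rule such as "ssh allow 198.152.*.*" before depending on it. The rule set and client addresses are constructed, and the function names (inetd_sec_decide, addr_match, octet_match) are this example's own. It models the documented address forms of per-octet "*" wildcards and numeric ranges (e.g. 50-60), assumes one entry per service and four-field patterns, and does not handle hostnames.

```shell
#!/bin/sh
# Added example (not from the original post): dry-run an inetd.sec-style
# rule set against a client address. Names and sample data are constructed.
set -f   # no filename globbing: rule fields like 198.152.*.* must stay literal

# octet_match PATTERN OCTET -> exit 0 if the pattern field covers the octet.
# Supports '*', a single number, or a numeric range such as 50-60.
octet_match() {
    case "$1" in
        '*') return 0 ;;
        *[!0-9-]*|'') return 1 ;;          # non-numeric field (e.g. hostname): no match
        *-*) lo=${1%-*}; hi=${1#*-}
             [ "$2" -ge "$lo" ] && [ "$2" -le "$hi" ] ;;
        *)   [ "$1" -eq "$2" ] ;;
    esac
}

# addr_match PATTERN ADDR -> exit 0 if every one of the four pattern fields
# matches the corresponding octet of the dotted-quad client address.
addr_match() {
    pat=$1; addr=$2; i=1
    while [ "$i" -le 4 ]; do
        p=$(printf '%s' "$pat" | cut -d. -f"$i")
        a=$(printf '%s' "$addr" | cut -d. -f"$i")
        octet_match "$p" "$a" || return 1
        i=$((i + 1))
    done
    return 0
}

# inetd_sec_decide SERVICE CLIENT_IP RULES -> prints "allow" or "deny".
# Modeled on the documented inetd.sec behaviour: a service with no entry is
# open to everyone; an "allow" entry admits only the listed addresses; a
# "deny" entry refuses the listed addresses and admits everyone else.
inetd_sec_decide() {
    svc=$1; ip=$2; rules=$3
    verdict=allow
    while read -r rsvc action addrs; do
        case "$rsvc" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ "$rsvc" = "$svc" ] || continue
        matched=0
        for a in $addrs; do
            if addr_match "$a" "$ip"; then matched=1; break; fi
        done
        if [ "$action" = allow ]; then
            [ "$matched" -eq 1 ] && verdict=allow || verdict=deny
        else
            [ "$matched" -eq 1 ] && verdict=deny || verdict=allow
        fi
    done <<EOF
$rules
EOF
    printf '%s\n' "$verdict"
}

# Constructed rule set in the shape of /var/adm/inetd.sec.
RULES='# constructed sample, not a real inetd.sec
ssh    allow  198.152.*.* 10.1.2.50-60
telnet deny   *.*.*.*'

# Stand-alone run: show the decision for a few constructed client addresses.
for client in 198.152.7.9 203.0.113.5 10.1.2.55 10.1.2.61; do
    printf 'ssh from %-12s -> %s\n' "$client" "$(inetd_sec_decide ssh "$client" "$RULES")"
done
```

This is a dry run of the rule semantics only; the final check belongs on the host itself, by attempting a connection from an address inside and one outside the allowed range after inetd has re-read its configuration.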
    
