hosts.allow/deny are ignored?


provell
21st December 2006, 12:51
Hi everyone,

I have set up a Debian/sarge webserver.
To tighten security further I want to restrict ssh (PuTTY) access to the server.
Only 3 IP addresses are allowed to connect to the server with ssh.

The problem is that every howto I apply to the server is completely ignored by the server. :confused:

I have tried to set up my /etc/hosts.allow and /etc/hosts.deny but nothing works. Even having an empty hosts.allow file and only "sshd: ALL" in my hosts.deny file is still giving me access with ssh (PuTTY).

Is there something I missed in the configuration?

If anybody could help me out here I would be very thankful. :D

Rgds Edo

bluegrass
22nd December 2006, 04:35
I don't know why it won't work for you. But when I tried this with my Debian web server it did work. Anyway, on my other server, I installed a Shorewall firewall, and there I restricted the IP addresses that can access my server remotely through SSH, and I don't have to configure anything in my hosts.allow/deny files.

provell
22nd December 2006, 12:15
hmmm...

So this should work on Debian/sarge.
Strange.

I already have a firewall installed on the system and I don't want to mess with it too much, so I thought this would be better.

Thanks for the response anyway.

Rgds Edo

falko
22nd December 2006, 14:57
What's in /etc/hosts.deny and /etc/hosts.allow?

provell
22nd December 2006, 19:15
Hi Falko,

I have done some additional reading and found the setup that I have now put in my /etc/hosts.allow file.

sshd : 127.0.0.1 : allow
sshd : 10.0.0.10 : allow
sshd : 10.0.0.15 : allow
sshd : ALL : deny

My /etc/hosts.deny file is empty (just some comments from the original Debian installation).

But this is still not working. :confused:

I did this installation with a Debian backport image of kernel 2.6.
From here http://mirror.home-dn.net/d-i/ -> sarge-custom-1008.iso

Then I followed the perfect Debian setup and the ISPConfig setup.
There were no errors; everything went very smoothly.

Could it be a kernel/portmapper thing?

Thanks for the interest, by the way. :cool:

Rgds Edo

edge
22nd December 2006, 19:23
Did you restart the SSH server?

provell
22nd December 2006, 19:41
Well, I was not sure if sshd read the configuration or something else did.
To be sure I just rebooted the whole server.

After every change I made in my hosts.allow or deny file I rebooted the whole server just to be sure.

And just to be sure I just did: ;)
/etc/init.d/ssh force-reload
/etc/init.d/ssh restart

But it is still not working. :confused:

Thanks for the advice though.

Are there some tests I could do to determine the problem?

falko
23rd December 2006, 16:42
Try
sshd: *
in /etc/hosts.deny and
sshd: 127.0.0.1
sshd: 10.0.0.10
sshd: 10.0.0.15
in /etc/hosts.allow.
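
An added example, not posted by anyone in the thread: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant), run on the two rule sets posted above to show the decision each should produce. It assumes IPv4 addresses only and handles just the `ALL` keyword, exact addresses, trailing-dot prefixes, `*`/`?` wildcards and the `allow`/`deny` options; the function names and the outside address 192.0.2.7 are made up for the illustration.

```python
# Added example: simplified model of the hosts_access(5) lookup order (IPv4 only).
from fnmatch import fnmatchcase

def parse(text):
    """Parse hosts.allow/hosts.deny text into (daemons, clients, option) rules."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        option = fields[2].lower() if len(fields) > 2 else None
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), option))
    return rules

def matches(pattern, value):
    if pattern == "ALL":                 # wildcard keyword
        return True
    if pattern.endswith("."):            # address prefix such as "10.0.0."
        return value.startswith(pattern)
    return fnmatchcase(value, pattern)   # exact string, or * and ? wildcards

def first_match(rules, daemon, client):
    for daemons, clients, option in rules:
        if any(matches(d, daemon) for d in daemons) and \
           any(matches(c, client) for c in clients):
            return option or "match"
    return None

def decide(allow_text, deny_text, daemon, client):
    """hosts.allow is searched first, then hosts.deny; no match grants access."""
    hit = first_match(parse(allow_text), daemon, client)
    if hit is not None:
        return "deny" if hit == "deny" else "allow"   # ": deny" option overrides
    hit = first_match(parse(deny_text), daemon, client)
    if hit is not None:
        return "allow" if hit == "allow" else "deny"  # ": allow" option overrides
    return "allow"

# Rule sets copied from the posts above; 192.0.2.7 is a constructed outside address.
PROVELL_ALLOW = """sshd : 127.0.0.1 : allow
sshd : 10.0.0.10 : allow
sshd : 10.0.0.15 : allow
sshd : ALL : deny"""
FALKO_ALLOW = "sshd: 127.0.0.1\nsshd: 10.0.0.10\nsshd: 10.0.0.15"
FALKO_DENY = "sshd: *"

if __name__ == "__main__":
    for ip in ("10.0.0.10", "192.0.2.7"):
        print(ip, decide(PROVELL_ALLOW, "", "sshd", ip),
              decide(FALKO_ALLOW, FALKO_DENY, "sshd", ip))
```

On a real host, `tcpdmatch sshd <address>` from the TCP wrappers tools predicts the same decision from the installed files. If the prediction is "deny" but the login still succeeds, check whether the running sshd is linked against libwrap at all (for example with `ldd` on the sshd binary) and which source address the server actually sees.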