Brothers and sisters: please help, it's about HOSTS.ALLOW HOSTS.DENY
It's about SSH:
This is the official documentation
Description:
The sshd daemon that comes with the Solaris[TM] 9 Operating System uses TCP
(Transmission Control Protocol) Wrappers (also called "libwrap") to control
access to hosts. (Unlike other systems, Solaris 9 does not use the OpenSSH
keywords "AllowHosts" and "DenyHosts" to permit or prevent SSH [Secure
Shell] connections.)
TCP wrapper support is compiled into the sshd binary, and sshd runs
as a standalone daemon. (Unlike other services, the Solaris 9 Operating
System Secure Shell daemon is not under the control of inetd and tcpd.)
If sshd is running, and if the wrapper access control files are present
and correctly configured, you have all that you need to control host
access. This article explains how to do this.
Document Body:
In this article controlling host access is a two-part process. First you
test the Solaris 9 Operating System Secure Shell functionality, and then
you activate the access control files. Follow these steps:
1. On the server running the sshd daemon, enter:
sshd-server# mv /etc/hosts.allow /var/tmp/
sshd-server# mv /etc/hosts.deny /var/tmp/
2. On an SSH client, enter:
ssh-client$ ssh -l <login_name> <target_ssh_server>
If you have no problems with the two preceding steps, proceed. Otherwise,
you should troubleshoot your SSH functionality before you continue.
3. You will now grant access to the host with name "hostA," and deny
access to all other hosts. On the server running the sshd daemon,
enter:
sshd-server# echo "sshd : hostA" > /etc/hosts.allow
sshd-server# echo "sshd : ALL" > /etc/hosts.deny
4. Next, you will test the allow access. On hostA, enter:
hostA$ ssh -l <login_name> <sshd-server>
This should succeed.
5. Now test the deny access. On another host, enter:
other_host$ ssh -l <login_name> <sshd-server>
This should fail.
If your tests were successful, both sshd and the wrappers are working
correctly.
For help configuring the access control files (/etc/hosts.allow and
/etc/hosts.deny) refer to the man pages. Enter:
# MANPATH=/usr/sfw/share/man:$MANPATH;export MANPATH
# man -s4 hosts_access
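The allow-then-deny evaluation order that the steps above depend on, as an added example that is not part of the original post or the quoted document. It is a simplified shell model of the hosts_access decision (exact names and ALL only); the function names check_access, rule_matches and list_has and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Simplified model of the hosts_access decision order (added example).
# Supports exact daemon/client names and ALL; no EXCEPT, patterns or netmasks.

# list_has LIST NAME: true if the comma/space-separated LIST has NAME or ALL
list_has() {
    words=" $(printf '%s' "$1" | tr ',\t' '  ') "
    case $words in
        *" ALL "*|*" $2 "*) return 0 ;;
    esac
    return 1
}

# rule_matches FILE DAEMON CLIENT: true if any "daemons : clients" line matches
rule_matches() {
    file=$1 daemon=$2 client=$3
    [ -f "$file" ] || return 1          # a missing file behaves like an empty one
    while IFS= read -r line; do
        case $line in ''|'#'*) continue ;; esac     # skip blanks and comments
        case $line in *:*) ;; *) continue ;; esac   # skip lines with no colon
        daemons=${line%%:*}
        rest=${line#*:}
        clients=${rest%%:*}             # drop any trailing ": option" field
        if list_has "$daemons" "$daemon" && list_has "$clients" "$client"; then
            return 0
        fi
    done < "$file"
    return 1
}

# check_access DIR DAEMON CLIENT: prints allow or deny
# Order: match in hosts.allow -> allow; else match in hosts.deny -> deny; else allow.
check_access() {
    if rule_matches "$1/hosts.allow" "$2" "$3"; then echo allow
    elif rule_matches "$1/hosts.deny" "$2" "$3"; then echo deny
    else echo allow
    fi
}

# Constructed sample: the two files from step 3, written to a scratch directory.
demo=$(mktemp -d)
echo "sshd : hostA" > "$demo/hosts.allow"
echo "sshd : ALL"   > "$demo/hosts.deny"
echo "hostA      -> $(check_access "$demo" sshd hostA)"
echo "other_host -> $(check_access "$demo" sshd other_host)"
rm -f "$demo/hosts.allow" "$demo/hosts.deny"   # step 1: both files moved away
echo "no files   -> $(check_access "$demo" sshd other_host)"
rm -rf "$demo"
```

The last case shows why step 1 opens access to every host: with neither file present, nothing matches and the default is to allow.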