Article 6672 at 06/09/01 21:16:42 From: dan (at mark) dogsbody.org Subject: [coba-e:06672] Re: hosts.allow & host.deny

Index: [Article Count Order] [Thread]

Date:  Fri, 01 Sep 2006 12:59:41 +0100
From:  Dogsbody <dan (at mark) dogsbody.org>
Subject:  [coba-e:06672] Re: hosts.allow & host.deny
Sender:  Dan.Benton (at mark) Sun.COM
To:  coba-e (at mark) bluequartz.org
Message-Id:  <44F820AD.8060502 (at mark) dogsbody.org>
In-Reply-To:  <ANEGJMCHIAIGKNGEGHDKCEGJCCAA.jasonh (at mark) businessws.com>
References:  <ANEGJMCHIAIGKNGEGHDKCEGJCCAA.jasonh (at mark) businessws.com>
X-Mail-Count: 06672


> If i add a few IP addresses to hosts.allow like this:
> sshd: 82.118.106.158
> and then add to hosts.deny:
> sshd: ALL
> Will the ips in that I specified in hosts.allow still be able to ssh the
> server? I want to check before I lock myself out of a remote server.

Yes, this will be fine.  This is taken from the hosts.deny man page...

The access control software consults two files.  The  search  stops  at 
  the  first match:

- Access  will  be granted when a (daemon,client) pair matches an entry 
in the /etc/hosts.allow file.

- Otherwise, access will be denied when a (daemon,client) pair matches 
an entry in the /etc/hosts.deny file.

- Otherwise, access will be granted.


Dan