rmtogether

access control by /etc/hosts.allow and /etc/hosts.deny

Dear experts,

I would like to set access control (IP address) by /etc/hosts.allow and /etc/hosts.deny in Ubuntu. I would like to deny all IP addresses from using ssh except some IP addresses.

(1) Could you please teach me how to do this by editing /etc/hosts.allow and /etc/hosts.deny? I am kind of confused about the order in which these 2 files are used. Could you please give me examples? If I add allow entries in /etc/hosts.allow, are all the others denied?

(2) Can /etc/hosts.allow and /etc/hosts.deny also control the access of Xrdp (port 3389)? If yes, how do I do it?

Thank you so much!
ASKER CERTIFIED SOLUTION
arnold
rmtogether

ASKER

@arnold,

Thank you for your quick help. I understand the way to configure ssh. Thank you.

About the xrdp:
I followed the steps in http://c-nergy.be/blog/?p=8952 to install and configure my xrdp and it is working perfectly now.
So is it possible to use /etc/hosts.allow and /etc/hosts.deny for IP access control?

I do not know. I usually access the servers using a terminal/ssh connection, so graphical mode access (xrdp, vnc, etc.) is not something I tried.
Please run strings on the xrdpd daemon... to see if there is an event that mentions wrappers, "denied based on tcp wrappers.", "connection denied based on tcp wrappers.", etc.
If it does,
adding xrdp:ALL to /etc/hosts.deny will limit access via xrdp based on hosts.allow.

You could try it: simply add XRDP:ALL XRDPD:ALL VNC:ALL to /etc/hosts.deny and see whether it blocks access.
look at the
Then add XRDP:IP XRDPD:IP VNC:IP to /etc/hosts.allow and see if connections from IP are now allowed.

It seems that xrdpd is not the right command for me.

fujitsu@hcavfb11:~$ xrdpd
No command 'xrdpd' found, did you mean:
 Command 'xrdp' from package 'xrdp' (universe)
xrdpd: command not found
fujitsu@hcavfb11:~$ xrdp
It looks like xrdp is allready running,
if not delete the xrdp.pid file and try again
fujitsu@hcavfb11:~$
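
As an added example (not from the original thread or from the tcp_wrappers code): a simplified shell model of the lookup order that hosts_access(5) documents for /etc/hosts.allow and /etc/hosts.deny, which is what the question asks about. The function names, rule files and addresses are constructed for illustration, and real enforcement applies only to daemons built with libwrap.

```sh
#!/bin/sh
# Added example: simplified model of the hosts_access(5) decision order.
# Handles daemon lists, ALL, exact IPv4 addresses and trailing-dot
# prefixes ("198.51.100."); no hostnames, netmasks, EXCEPT or options.

# rule_file_matches FILE DAEMON CLIENT_IP -> status 0 if a rule matches
rule_file_matches() {
    file=$1; daemon=$2; client=$3
    [ -r "$file" ] || return 1
    while IFS=: read -r daemons clients _rest; do
        case $daemons in ''|'#'*) continue ;; esac
        d_ok=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then d_ok=yes; fi
        done
        [ "$d_ok" = yes ] || continue
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $client in "$c"*) return 0 ;; esac ;;
                *)   if [ "$c" = "$client" ]; then return 0; fi ;;
            esac
        done
    done < "$file"
    return 1
}

# tcpd_decision DAEMON CLIENT_IP ALLOW_FILE DENY_FILE -> granted|denied
tcpd_decision() {
    if rule_file_matches "$3" "$1" "$2"; then
        echo granted    # 1. match in hosts.allow: access granted
    elif rule_file_matches "$4" "$1" "$2"; then
        echo denied     # 2. otherwise, match in hosts.deny: access denied
    else
        echo granted    # 3. no match in either file: access granted
    fi
}

# Constructed sample rules using documentation address ranges.
demo_dir=$(mktemp -d)
printf 'sshd: 192.0.2.10, 198.51.100.\n' > "$demo_dir/hosts.allow"
printf 'sshd: ALL\n' > "$demo_dir/hosts.deny"
: > "$demo_dir/empty.deny"

for ip in 192.0.2.10 198.51.100.7 203.0.113.5; do
    printf '%-13s with "sshd: ALL" in deny: %-8s with empty deny: %s\n' "$ip" \
        "$(tcpd_decision sshd "$ip" "$demo_dir/hosts.allow" "$demo_dir/hosts.deny")" \
        "$(tcpd_decision sshd "$ip" "$demo_dir/hosts.allow" "$demo_dir/empty.deny")"
done
```

Allow entries alone do not block anyone: 203.0.113.5 is refused only when hosts.deny carries a matching rule such as `sshd: ALL`. Whether a daemon consults these files at all can be checked by running `ldd` on its binary and looking for libwrap.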


Thank you for your help!!