On Thu, 26 Jul 2007, Kenn Humborg wrote:
> Failing that, is there any way to setup OpenSSH to permit root
> logins via eth1, but not via eth0? I don't want to enable root
> logins from the Internet interface, but if I could allow root
> logins from the LAN side,
So really, what you want to do is apply ACLs based on the /IP/
addresses. Use tcpwrappers.
('LAN' and 'Internet' almost certainly correlate more strongly to
some set of addresses, and the inverse of that set, than 'ethX'. E.g.
IP address filters will still work if someone unplugs your ethernet
cables and plugs 'em back in wrong way around..).
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Anybody who doesn't cut his speed at the sight of a police car is
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!