• Home
• Pictures
• Writing
• Relationship
• Blog

Enabling SSH (secure shell):

Modify '/private/etc/sshd_config'. I added at the bottom to control users that can log in:

    AllowUsers lgrove

I had a computer exposed to the internet via a DMZ assignment in my home router. I wanted to allow any user to log in from my LAN or from my office computer, but I don't want to allow any account to log in from the internet. This can be done by editing /etc/hosts.allow and /etc/hosts.deny:

My /etc/hosts.deny was set up to deny everything (only allowing what hosts.allow explicitly permits). It contains:

    ALL : ALL

My /etc/hosts.allow had rules that allow all services to accept connections from my LAN (192.168.1.*) and ssh logins from my office subnet. It contains:

    ALL : 192.168.1. 

    sshd-keygen-wrapper,sshd : office IP prefix

Attempting to connect to ssh from any other location results in the Mac dropping the TCP connection before the ssh daemon even gets a chance to find out what the user ID is.