Godsmacker777 Apprentice
Joined: 04 May 2004 Posts: 205 Location: Fenway area, Boston Massachusetts :O)
Posted: Wed Jul 06, 2005 4:17 am Post subject: hosts.allow ssh based on mac address?
Right now I ssh into a friend's server using key authentication. My IP changes on a daily basis (everyone should curse Verizon - and DSL in general - in their prayers tonight..) so this isn't really working.
We haven't found any helpful info yet, but is it possible to set the hosts.allow/deny based on MAC addresses rather than an IP??
Thanks :O)
_________________
Why must we hear what system you're running gentoo on, especially if all you've got is a measly gig of ram or 3gHz processor?
I want to see signatures boasting 25 cpu clusters and blade servers, or a big 'ole onyx..anyone running gentoo on an onyx??
ikaro Advocate
Joined: 14 Jul 2003 Posts: 2527 Location: Denmark
Posted: Wed Jul 06, 2005 4:34 am Post subject:
Using shorewall it's pretty easy to do that - have you thought about that option?
_________________
linux: #232767
Godsmacker777 Apprentice
Joined: 04 May 2004 Posts: 205 Location: Fenway area, Boston Massachusetts :O)
Posted: Wed Jul 06, 2005 5:05 am Post subject:
We have.. and probably will. Though right now we're using ssh until we have shorewall running. :O)
Any takers?
rman77 n00b
Joined: 18 Sep 2004 Posts: 50 Location: USA
Posted: Wed Jul 06, 2005 2:57 pm Post subject:
The only easy way that I know of is through shorewall.... It's about one line of code. I would bite the bullet and install shorewall instead of looking for another way...
-Rman
nephros Advocate
Joined: 07 Feb 2003 Posts: 2139 Location: Graz, Austria (Europe - no kangaroos.)
Posted: Wed Jul 06, 2005 3:46 pm Post subject:
What's wrong with
iptables -A INPUT -p tcp -m mac --mac-source XX:XX:XX:XX:XX:XX --dport 22 -j ACCEPT
_________________
Please put [SOLVED] in your topic if you are a moron.
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Wed Jul 06, 2005 11:17 pm Post subject: Re: hosts.allow ssh based on mac address?
Godsmacker777 wrote:
> ... is it possible to set the hosts.allow/deny based on MAC addresses rather than an IP??

Short answer: in that case - no.
If there is one (or >1, doesn't matter) router between your two machines you'll never see the MAC of the other machine connecting to you. All you see on layer-2 level is the MAC of the gateway (normally your default gateway) through which this connection attempt is coming in.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
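The point made in the post above, as an added example that is not part of any post in this thread: a shell function that takes the server's `ip route get <peer-ip>` and `ip neigh show` output and reports whose MAC a `--mac-source` rule would really be matching for that peer. The function name `l2_sender_for` is hypothetical, and the sample outputs, addresses and MACs are constructed from documentation ranges.

```shell
#!/bin/sh
# l2_sender_for ROUTE_TEXT NEIGH_TEXT   (hypothetical helper, added example)
#   ROUTE_TEXT: output of `ip route get <peer-ip>` run on the server
#   NEIGH_TEXT: output of `ip neigh show` run on the server
# Prints "onlink <mac>" when the peer sits on the server's own segment
# (its own MAC is visible) or "routed <mac>" when traffic arrives through
# a router (only the router's MAC is visible). <mac> is "unknown" when the
# neighbour table has no entry for the next hop.
l2_sender_for() {
    route_text=$1
    neigh_text=$2
    # For a remote unicast peer the first word is the destination address;
    # a "via X" pair means the next hop is a router, not the peer itself.
    set -- $route_text
    hop=$1
    kind=onlink
    while [ $# -gt 1 ]; do
        if [ "$1" = "via" ]; then
            hop=$2
            kind=routed
            break
        fi
        shift
    done
    # Look up the next hop's link-layer address in the neighbour table.
    mac=$(printf '%s\n' "$neigh_text" | awk -v ip="$hop" '
        $1 == ip { for (i = 2; i < NF; i++)
                       if ($i == "lladdr") { print $(i + 1); exit } }')
    printf '%s %s\n' "$kind" "${mac:-unknown}"
}

# Constructed sample data: documentation IP ranges, made-up MACs.
NEIGH_SAMPLE='192.0.2.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.0.2.20 dev eth0 lladdr 00:00:5e:00:53:14 STALE'
ROUTE_REMOTE='203.0.113.7 via 192.0.2.1 dev eth0 src 192.0.2.10 uid 0
    cache'
ROUTE_LOCAL='192.0.2.20 dev eth0 src 192.0.2.10 uid 0
    cache'

l2_sender_for "$ROUTE_REMOTE" "$NEIGH_SAMPLE"   # peer behind the gateway
l2_sender_for "$ROUTE_LOCAL" "$NEIGH_SAMPLE"    # peer on the same segment
```

A `routed` result means every peer reaching the server through that gateway presents the same source MAC, so a MAC rule cannot tell them apart.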
Godsmacker777 Apprentice
Joined: 04 May 2004 Posts: 205 Location: Fenway area, Boston Massachusetts :O)
Posted: Thu Jul 07, 2005 8:46 pm Post subject:
Thanks to everyone for your answers :O)
Especially Think4UrS11, for your details.. wasn't sure if the MAC address is something that makes its way through hardware router/firewalls.
Looks like we'll give shorewall a shot.