incoming SSH restriction for *

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

incoming SSH restriction for *

Julien Cristau-6

At the moment, most hosts accept incoming ssh connections from the
entire Internet.  In the future, DSA intends to change this and, by default,
only accept ssh connections from other machines.

The following classes of hosts will continue to accept ssh from everywhere:

    - upload hosts
    - master and
    - dedicated ssh jumphosts {na,eu}
    - porter boxes (maybe).

These changes will come into effect no sooner than mid December.  The following
snippet in ~/.ssh/config configures OpenSSH to use a jumphost for all hosts other than the jumphosts.

Host * !* !
    # (or {na,eu}

Our documentation at will also be updated.

Julien, for DSA

signature.asc (849 bytes) Download Attachment