Posted by Colin Raven on September 21, 2004, 6:59 pm
I'm setting up jails in FreeBSD4.10 stable, and the question of sshd
has come up. I want to disable listening on certain host IP's, so that
sshd running in various jails listen on those IP's instead.
The host machine has 5 IP's, and I want to stop the host sshd from
listening on 2 (the number of jails that are set up). Thus, since in
sshd_config if ListenAddress is left at 0.0.0.0, the host listens on
*all* IP's...whether 5 or 50. It seems then that I must specify *only*
the IP's that the host may listen on.
I need to know the syntax for specifying multiple IP's (as opposed to
a range, since the list isn't contiguous as you can see in my example
below) for "ListenAddress" in sshd_config. This has to be right, since
if I screw it up I'll lock myself and other admins out of a box which
is 3000 miles away! (-:
192.168.0.1, 192.168.0.2, 192.168.0.5
or is it:
192.168.0.1 192.168.0.2 192.168.0.5
OR is it:
OR - is it some *other* syntax?
(I'm using private IP examples instead of the actual IP's I have on
the box, please excuse the necessary confidentiality, since this is a
newsgroup) RTFM up 'til now hasn't produced any meaningful results.
I've actually seen the question asked a couple of times while
Googling, but thus far no answer(s) have revealed themselves while
searching. I've been diligent, but drew blanks, hence turning to this
group finally for help. Believe this, I did really try to find the
answer myself first. :)
Hoping this post makes sense, and also - of course - Thanks In
Anticipation for knowledgeable help or guidance.
Kind Regards to one and all,
Re: sshd_config ListenAddress syntax for multiple IP's
You could try it out on some more local box... - plus if you just kill
-HUP the daemon, it won't affect established sessions.
Strange, I found the ListenAddress entry in sshd_config(5) to be pretty
Specifies the local addresses sshd should listen on. The following forms may be used:
This rules out your alternate suggestions (i.e. only one address
If port is not specified, sshd will listen on the address and all
prior Port options specified. The default is to listen on all
local addresses. Multiple ListenAddress options are permitted.
And this says to repeat the option.
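Added example, not part of either post: a pre-reload check for the lock-out risk raised in the question. It flags any ListenAddress line carrying more than one address and confirms the address the admins connect to is still listed. The function name `check_listen`, the sample files, and the choice of 192.168.0.1 as the management address are assumptions made for illustration.

```shell
#!/bin/sh
# check_listen FILE REQUIRED_IP  (hypothetical helper, not an OpenSSH tool)
# Prints each address FILE makes sshd listen on. Returns 0 only if every
# ListenAddress line holds exactly one address and REQUIRED_IP is covered.
check_listen() {
    awk -v need="$2" '
        tolower($1) == "listenaddress" {
            n++
            if (NF != 2 || $2 ~ /,/) {
                printf "line %d: one address per ListenAddress line\n", NR
                bad = 1
                next
            }
            addr = $2
            # Drop an optional :port suffix on an IPv4 address.
            if (addr ~ /^[0-9.]+:[0-9]+$/) sub(/:[0-9]+$/, "", addr)
            print addr
            if (addr == need || addr == "0.0.0.0") found = 1
        }
        END {
            # No ListenAddress at all: sshd listens on all local addresses.
            if (n == 0) { print "all local addresses"; exit 0 }
            if (!found) { print "not listening on " need; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs using the private example addresses from the post.
tmp=$(mktemp -d)
printf 'Port 22\nListenAddress 192.168.0.1\nListenAddress 192.168.0.2\nListenAddress 192.168.0.5\n' > "$tmp/good"
printf 'Port 22\nListenAddress 192.168.0.1, 192.168.0.2, 192.168.0.5\n' > "$tmp/comma"
printf 'Port 22\nListenAddress 192.168.0.1 192.168.0.2 192.168.0.5\n' > "$tmp/space"

for f in good comma space; do
    if check_listen "$tmp/$f" 192.168.0.1 >/dev/null; then
        echo "$f: ok to reload"
    else
        echo "$f: do not reload"
    fi
done
```

On the real host, follow this with `sshd -t -f` on the edited file so sshd itself parses it, and only then send the HUP from a session you keep open.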