host.allow ----- sshd:192.168.0.0/255.255.255.0host.deny ----- ALL: A

1. host.allow ----- sshd:192.168.0.0/255.255.255.0
2.  
3.  
4.  
5.  
6. host.deny ----- ALL: ALL: DENY
7.  
8. sshd_config ----- # $OpenBSD: sshd_config,v 1.81 2009/10/08
9. 14:03:41 markus Exp $
10.  
11. # This is the sshd server system-wide configuration file. See
12. # sshd_config(5) for more information.
13.  
14. # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
15.  
16. # The strategy used for options in the default sshd_config shipped with
17. # OpenSSH is to specify options with their default value where
18. # possible, but leave them commented. Uncommented options change a
19. # default value.
20.  
21. #Port 22
22. #AddressFamily any
23. ListenAddress 0.0.0.0
24. #ListenAddress ::
25.  
26. # The default requires explicit activation of protocol 1
27. #Protocol 2
28.  
29. # HostKey for protocol version 1
30. #HostKey /etc/ssh/ssh_host_key
31. # HostKeys for protocol version 2
32. #HostKey /etc/ssh/ssh_host_rsa_key
33. #HostKey /etc/ssh/ssh_host_dsa_key
34.  
35. # Lifetime and size of ephemeral version 1 server key
36. #KeyRegenerationInterval 1h
37. #ServerKeyBits 1024
38. # Logging
39. # obsoletes QuietMode and FascistLogging
40. #SyslogFacility AUTH
41. #LogLevel INFO
42.  
43. # Authentication:
44.  
45. #LoginGraceTime 2m
46. #PermitRootLogin yes
47. #StrictModes yes
48. #MaxAuthTries 6
49. #MaxSessions 10
50. #RSAAuthentication yes
51. #PubkeyAuthentication yes
52. #AuthorizedKeysFile .ssh/authorized_keys
53.  
54. # For this to work you will also need host keys in
55. /etc/ssh/ssh_known_hosts
56. #RhostsRSAAuthentication no
57. # similar for protocol version 2
58. #HostbasedAuthentication no
59. # Change to yes if you don't trust ~/.ssh/known_hosts for
60. # RhostsRSAAuthentication and HostbasedAuthentication
61. #IgnoreUserKnownHosts no
62. # Don't read the user's ~/.rhosts and ~/.shosts files
63. #IgnoreRhosts yes
64.  
65. # To disable tunneled clear text passwords, change to no here!
66. #PasswordAuthentication no
67. #PermitEmptyPasswords no
68.  
69. # Change to no to disable s/key passwords
70. ChallengeResponseAuthentication no
71.  
72. # Kerberos options
73. #KerberosAuthentication no
74. #KerberosOrLocalPasswd yes
75. #KerberosTicketCleanup yes
76.  
77.  
78. #KerberosGetAFSToken no
79. # GSSAPI options
80. #GSSAPIAuthentication no
81. #GSSAPICleanupCredentials yes
82.  
83. # Set this to 'yes' to enable PAM authentication, account processing,
84. # and session processing. If this is enabled, PAM authentication will
85. # be allowed through the ChallengeResponseAuthentication and
86. # PasswordAuthentication. Depending on your PAM configuration,
87. # PAM authentication via ChallengeResponseAuthentication may bypass
88.  
89. # the setting of "PermitRootLogin without-password".
90. # If you just want the PAM account and session checks to run without
91. # PAM authentication, then enable this but set PasswordAuthentication
92. # and ChallengeResponseAuthentication to 'no'.
93. UsePAM yes
94.  
95.  
96.  
97. #AllowAgentForwarding yes
98. #AllowTcpForwarding yes
99. #GatewayPorts no
100. #X11Forwarding no
101. #X11DisplayOffset 10
102. #X11UseLocalhost yes
103. #PrintMotd yes
104. #PrintLastLog yes
105. #TCPKeepAlive yes
106. #UseLogin no
107. #UsePrivilegeSeparation yes
108. #PermitUserEnvironment no
109. #Compression delayed
110. #ClientAliveInterval 0
111. #ClientAliveCountMax 3
112. #UseDNS yes
113. #PidFile /var/run/sshd.pid
114. #MaxStartups 10
115. #PermitTunnel no
116. #ChrootDirectory none
117.  
118. # no default banner path
119. #Banner none
120.  
121. # override default of no subsystems
122. Subsystem sftp /usr/lib/ssh/sftp-server
123.  
124. # Example of overriding settings on a per-user basis
125. #Match User anoncvs
126. # X11Forwarding no
127. # AllowTcpForwarding no
128. # ForceCommand cvs server