Topic: securing remote SSH access with dhcp

[Daniel]

e-smith (SME) works nicely.  I am happy.

E-smith NAT's from the internet back to 192.168.0.*

On dialup or adsl/cable we get dynamic IPs but we work around that with dyndns.

I need to ssh to the server from a particular enterprise (fully routable) network elsewhere.

I can't add it as a local network because e-smith can't access it from the 192.168.0.* interface.

Does this mean that I have to edit the templates for etc/ssh/sshd_config and etc/hosts.allow?

Is there a more elegant way to do this?

Lastly, it occurs to me that perhaps we need a forum split now that there's much more traffic in here than there used to be -- split into hardware trouble (those annoying travan drives), software trouble (hylafax etc) and configuration trouble (like this and like the old 4.12 problem that by default any logged in SMB user could access the file shares.  Any thoughts? Would Simtel bother to split the forums?

[Ben]

I've never fully understood why there's a check in place to see if the gateway to a specified 'local' network is reachable. The extra local networks I usually add are on the outside interface - to do this I disable the check in the /usr/lib/perl5/siteperl/esmith/FormMagick/Panel/localnetworks.pm by commenting out the appropriate lines (dodgy I know). I think a warning stating something along the lines of "The specified gateway could not be reached from the local interface, it may not work and could pose a security risk"  would be fine, instead of simply not allowing it.

That's my logic, I might have skipped the point of it.