两个文件可以用来控制远程访问的权限。
hosts.allow对应允许远程连接的用户,hosts.deny对应拒绝远程访问的用户。
以ssh为例:
编辑hosts.deny.
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
sshd:jammgit_1
host.deny文件一些语法(allow类似):
sshd:netid.* // 拒绝一切网络号为netid的主机登陆
那么,当用ssh登陆时会提示:
jammgit@jammg:/etc$ ssh -l jammgit_l localhost
jammgit_l@localhost's password:
Permission denied, please try again.
注意,当deny和allow的数据有冲突,例如有一个用户既同意又不同意,那么以allow为准。
另一方面,ssh有一个配置文件sshd_config,如果里面设置和hosts.allow和hosts.deny有冲突,那么以sshd_config为准。
如:
#vim sshd_config
...
AllowUsers jammgit_1
...
那么最终是可以登陆的。
hosts是实现dns功能的文件,在局域网机器数量大的情况下应该开启dns服务器。