> Can Ssh Telnet Listen For An Ip Address Only?, can SSH Telnet listen for an IP address
tikvah
post Jan 18 2003, 09:11 PM
Post #1


Hi. I was wondering if there is a way to get SSH telnet on Linux to allow SSH requests from a specific IP address only? This would be a great security feature, but so far, I have not been able to find anything on this. Webmin has this feature.


Thanks!
alex_123_sk
post Jan 19 2003, 01:33 AM
Post #2


SSH does not check for IP, it only checks for user name and password. To limit IP address access, use iptables.


iptables -A INPUT ! -s 192.168.0.1 -p tcp --dport 22 -j REJECT

Here is the iptables HOWTO:
http://www.netfilter.org/documentation/HOW...ering-HOWTO.txt
Corey
post Jan 20 2003, 10:10 AM
Post #3


You can also add a line to your hosts.deny and hosts.allow file to do this.

In /etc/hosts.deny, add the following line:

sshd: ALL

In /etc/hosts.allow, add the following:

sshd: 192.168.0.1 (or whatever the IP is)

Using your firewall is one good way to limit ssh usage; however, the above method is the quickest and easiest to maintain. Note: After making these changes, you need to restart inetd with killall -HUP inetd.


--------------------
Corey Quilliam
(former) Linuxhelp.ca Administrator
cquilliam-AT-gmail-dot-com

Want to help out Linuxhelp.net? Check out our Linuxhelp Wiki and see if there are some articles you would like to submit!!

--
Ubuntu 8.04 64-bit - Work Laptop (HP-Compaq NC6400 Core2)
Kubuntu 8.04 64-bit - Desktop (HP m8120n QuadCore)
Ubuntu 6.04 - Server (I'm not upgrading this baby until support runs out in 2012) (Some old POS dell)
chrisw
post Jan 20 2003, 04:25 PM
Post #4


you can also try editing the following line in the following file:

/etc/ssh/sshd_config

Uncomment the following line by removing the # sign, and put in the IP address you want sshd to listen on, replacing 0.0.0.0:

#ListenAddress 0.0.0.0


Try that... see what happens.


--------------------

Chris W.
Corey
post Jan 21 2003, 09:10 AM
Post #5


I may be wrong, but I believe that option in the config file is for computers with multiple IP addresses. It sets which IP the daemon will respond to if requested.


alex_123_sk
post Jan 22 2003, 08:54 PM
Post #6


the /etc/hosts.deny(allow) file is only used by tcpd and SSH is not controlled by tcpd
chrisw
post Jan 22 2003, 10:26 PM
Post #7


You can control who connects to ssh using the hosts.allow (deny) files....

That's how I control who connects via ssh to my box.

How else would you connect to ssh without tcp?


alex_123_sk
post Jan 22 2003, 10:48 PM
Post #8


I am talking about tcpd, which is the daemon for TCP_wrappers, NOT tcp. You are correct: if tcp_wrapper support is compiled in, then you can use the hosts.deny (allow) file. But for performance purposes, we do not usually use tcpd to control ssh.

You are also correct that you can control who uses ssh with the /etc/ssh_config file.

The keyword to use is "AllowHosts"; this keyword can be followed by space-separated host names or IP addresses. Also, the * and ? wildcards can be used.
You can also use "DenyHosts", "AllowUsers" and "DenyUsers" in the file.
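
To illustrate the hosts.allow/hosts.deny approach from post #3 and the libwrap question raised in posts #6 to #8, here is an added example (not code from any poster): a simplified shell model of the TCP Wrappers decision order, plus a check for whether a binary links libwrap. The function names and the temporary sample files are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread): simplified model of TCP Wrappers rules.
# Handles only "daemons: clients" lines with literal IPv4 addresses,
# trailing-dot prefixes such as "192.168.0." and the ALL wildcard.

# match_rules FILE DAEMON CLIENT -> status 0 if some rule in FILE matches
match_rules() {
    file=$1; daemon=$2; client=$3
    [ -r "$file" ] || return 1
    while IFS=: read -r daemons clients _rest; do
        case $daemons in ''|\#*) continue ;; esac   # blank line or comment
        hit=no
        for d in $(printf '%s' "$daemons" | tr ',' ' '); do
            case $d in ALL|"$daemon") hit=yes ;; esac
        done
        [ "$hit" = yes ] || continue
        for c in $(printf '%s' "$clients" | tr ',' ' '); do
            case $c in
                ALL|"$client") return 0 ;;
                *.) case $client in "$c"*) return 0 ;; esac ;;
            esac
        done
    done < "$file"
    return 1
}

# wrap_decision ALLOW_FILE DENY_FILE DAEMON CLIENT -> prints allow or deny.
# Order: a match in hosts.allow grants access; otherwise a match in
# hosts.deny refuses it; with no match in either file access is granted.
wrap_decision() {
    if match_rules "$1" "$3" "$4"; then echo allow
    elif match_rules "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# uses_libwrap BINARY -> status 0 if BINARY is dynamically linked to libwrap,
# i.e. the daemon consults hosts.allow/hosts.deny by itself, without tcpd.
uses_libwrap() { ldd "$1" 2>/dev/null | grep -q libwrap; }

# Constructed sample files holding the two rules from post #3.
SAMPLE=$(mktemp -d)
printf 'sshd: 192.168.0.1\n' > "$SAMPLE/hosts.allow"
printf 'sshd: ALL\n' > "$SAMPLE/hosts.deny"

wrap_decision "$SAMPLE/hosts.allow" "$SAMPLE/hosts.deny" sshd 192.168.0.1
wrap_decision "$SAMPLE/hosts.allow" "$SAMPLE/hosts.deny" sshd 10.0.0.7
```

Upstream OpenSSH removed libwrap support in release 6.7, although some distributions patch it back in, so run uses_libwrap against the installed sshd binary before relying on these files.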