tikvah
Jan 18 2003, 09:11 PM
Hi. I was wondering if there is a way to get SSH telnet on Linux to allow SSH requests from a specific IP address only? This would be a great security feature, but so far, I have not been able to find anything on this. Webmin has this feature.
Thanks!
alex_123_sk
Jan 19 2003, 01:33 AM
SSH does not check for IP; it only checks for user name and password. To limit IP address access, use iptables.
iptables -A INPUT -s ! 192.168.0.1 -p tcp --dport 22 -j REJECT
Here is the iptables howto:
http://www.netfilter.org/documentation/HOW...ering-HOWTO.txt
Corey
Jan 20 2003, 10:10 AM
You can also add a line to your hosts.deny and hosts.allow files to do this.
In /etc/hosts.deny, add the following line:
sshd: ALL
In /etc/hosts.allow, add the following:
sshd: 192.168.0.1 (or whatever the IP is)
Using your firewall is one good way to limit ssh usage; however, the above method is the quickest and easiest to maintain. Note: After making these changes, you need to restart inetd with killall -HUP inetd
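The evaluation order behind the two files in the post above, as an added example that is not part of the original thread: a matching hosts.allow line grants access, otherwise a matching hosts.deny line refuses it, otherwise access is granted. The function names, the simplified matching and the temporary sample files are assumptions made for this example.

```shell
#!/bin/sh
# Simplified model of TCP Wrappers access control (hosts_access(5)):
#   a matching hosts.allow line grants access, else a matching hosts.deny
#   line refuses it, else access is granted. Handles "daemon: client ..."
#   lines with ALL, exact addresses and trailing-dot prefixes only.
set -f  # keep client patterns from being expanded as file names

# rule_matches FILE DAEMON IP -> returns 0 if a line in FILE matches
rule_matches() {
    file=$1 daemon=$2 ip=$3
    [ -r "$file" ] || return 1
    while IFS=: read -r daemons clients rest; do
        case $daemons in ''|'#'*) continue ;; esac
        hit=no
        for d in $(echo "$daemons" | tr ',' ' '); do
            [ "$d" = "$daemon" ] || [ "$d" = ALL ] && hit=yes
        done
        [ "$hit" = yes ] || continue
        for c in $(echo "$clients" | tr ',' ' '); do
            case $c in
                ALL) return 0 ;;
                *.)  case $ip in "$c"*) return 0 ;; esac ;;
                *)   [ "$c" = "$ip" ] && return 0 ;;
            esac
        done
    done < "$file"
    return 1
}

# wrappers_decision DAEMON IP [ALLOW_FILE] [DENY_FILE] -> prints allow|deny
wrappers_decision() {
    allow=${3:-/etc/hosts.allow} deny=${4:-/etc/hosts.deny}
    if rule_matches "$allow" "$1" "$2"; then echo allow
    elif rule_matches "$deny" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# The files only affect sshd when it is linked against libwrap.
sshd_uses_libwrap() { ldd "$(command -v sshd)" 2>/dev/null | grep -q libwrap; }

# Constructed sample files holding the two lines from the post above.
demo_dir=$(mktemp -d)
printf 'sshd: ALL\n' > "$demo_dir/hosts.deny"
printf 'sshd: 192.168.0.1\n' > "$demo_dir/hosts.allow"
wrappers_decision sshd 192.168.0.1 "$demo_dir/hosts.allow" "$demo_dir/hosts.deny"
wrappers_decision sshd 10.0.0.5 "$demo_dir/hosts.allow" "$demo_dir/hosts.deny"
```

Called with only a daemon name and an address, wrappers_decision reads the live /etc/hosts.allow and /etc/hosts.deny, which lets you confirm a rule change before closing your current session.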
chrisw
Jan 20 2003, 04:25 PM
You can also try editing the following line in the following file:
/etc/ssh/sshd_config
Uncomment the following line by removing the # sign
and put the IP address you want sshd to listen on, replacing 0.0.0.0
#ListenAddress 0.0.0.0
Try that and see what happens.
Corey
Jan 21 2003, 09:10 AM
I may be wrong, but I believe that option in the config file is for computers with multiple IP addresses. It sets which IP the daemon will respond to if requested.
alex_123_sk
Jan 22 2003, 08:54 PM
The /etc/hosts.deny(allow) file is only used by tcpd, and SSH is not controlled by tcpd.
chrisw
Jan 22 2003, 10:26 PM
You can control who connects to ssh using the hosts.allow (deny) files.... That's how I control who connects via ssh to my box.
How else would you connect to ssh without tcp?
alex_123_sk
Jan 22 2003, 10:48 PM
I am talking about tcpd, which is the daemon for TCP_wrappers, NOT tcp. You are correct: if tcp_wrapper support is compiled in, then you can use the hosts.deny(allow) file. But for performance purposes, we do not usually use tcpd to control ssh.
You are also correct that you can control who uses ssh with the /etc/ssh_config file.
The keyword to use is "AllowHosts"; this keyword can be followed by space-separated host names or IP addresses. Also, * and ? wildcards can be used.
You can also use "DenyHosts", "AllowUsers" and "DenyUsers" in the file.