Full Version: Can Ssh Telnet Listen For An Ip Address Only?
tikvah
Hi. I was wondering if there is a way to get SSH telnet on Linux to allow SSH requests from a specific IP address only? This would be a great security feature, but so far, I have not been able to find anything on this. Webmin has this feature.


Thanks!
alex_123_sk
SSH does not check for IP, it only checks for user name and password. To limit IP address access, use IP tables.


iptables -A INPUT ! -s 192.168.0.1 -p tcp --dport 22 -j REJECT

Here is the iptables howto
http://www.netfilter.org/documentation/HOW...ering-HOWTO.txt
Corey
You can also add a line to your hosts.deny and hosts.allow file to do this.

In /etc/hosts.deny, add the following line:

sshd: ALL

In /etc/hosts.allow, add the following:

sshd: 192.168.0.1 (or whatever the IP is)

Using your firewall is one good way to limit ssh usage, however, the above method is the quickest and easiest to maintain. Note: After making these changes, you need to restart inetd with killall -HUP inetd
chrisw
You can also try editing the following line in the following file:

/etc/ssh/sshd_config

Uncomment the following line by removing the # sign and put the IP address you want sshd to listen on, replacing 0.0.0.0

#ListenAddress 0.0.0.0

Try that... see what happens.
Corey
I may be wrong, but I believe that option in the config file is for computers with multiple IP addresses. It sets which IP the daemon will respond to if requested.
alex_123_sk
The /etc/hosts.deny(allow) file is only used by tcpd, and SSH is not controlled by tcpd.
chrisw
You can control who connects to ssh using the hosts.allow (deny) files....

That's how I control who connects via ssh to my box.

How else would you connect to ssh without tcp?
alex_123_sk
I am talking about tcpd, which is the daemon for TCP_wrappers, NOT tcp. You are correct: if tcp_wrapper support is compiled in, then you can use the hosts.deny (allow) file. But for performance purposes, we do not usually use tcpd to control ssh.

You are also correct that you can control who uses ssh with the /etc/ssh_config file.

The keyword to use is "AllowHosts"; this keyword can be followed by space-separated host names or IP addresses. Also, * and ? wildcards can be used.
You can also use "DenyHosts", "AllowUsers" and "DenyUsers" in the file.
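
The hosts.allow / hosts.deny rules from Corey's post, run through the evaluation order that hosts_access(5) documents, as an added example that is not part of the original thread. It covers only IPv4 client patterns (ALL, exact address, trailing-dot prefix, net/mask); the function names are made up for this sketch, and the rules only take effect when sshd has tcp_wrapper support compiled in, as noted above.

```python
import ipaddress
import re

# Rules as given in the thread (192.168.0.1 is the thread's example address).
HOSTS_ALLOW = "sshd: 192.168.0.1\n"
HOSTS_DENY = "sshd: ALL\n"


def parse_rules(text):
    """Return (daemon_list, client_list) pairs from hosts.allow/hosts.deny text."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank, comment or malformed line
        daemons, clients = line.split(":")[:2]
        rules.append((re.split(r"[\s,]+", daemons.strip()),
                      re.split(r"[\s,]+", clients.strip())))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern against an IPv4 address string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):   # address prefix such as "192.168."
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask such as 10.0.0.0/255.0.0.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip


def any_rule_matches(rules, daemon, ip):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, ip) for p in clients)
        for daemons, clients in rules
    )


def access_granted(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Allow match grants; otherwise a deny match refuses; otherwise grant."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip):
        return True
    if any_rule_matches(parse_rules(deny_text), daemon, ip):
        return False
    return True  # nothing matched in either file, so access is granted


if __name__ == "__main__":
    for addr in ("192.168.0.1", "192.168.0.2", "10.0.0.5"):
        print(addr, "granted" if access_granted("sshd", addr) else "refused")
```

The last branch is the one to check on a real host: with an empty hosts.deny, the hosts.allow entry alone restricts nothing.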