Re: How to permit selective SSH access?

From: Jean-David Beyer
Date: 06/03/04

Date: Thu, 03 Jun 2004 07:30:31 -0400

Reply-Via-Newsgroup Thanks wrote:
> Folks,
> I have tried reading the 'man' page on ssh and attempted to configure
> /etc/ssh/hosts.equiv
> .shosts
> to only permit access to the server from a select number of IP addresses
> however it doesn't work (meaning access is permitted from all IP
> addresses regardless of origin).
> I just placed the IP addresses in the above files - Can someone provide
> me with some examples or suggest where I am going wrong?
> Please reply via the newsgroup so all can learn,
> Thanks in advance,
> Randell D.

I do it with iptables.

I have iptables set up to deny access from anyone to anything.

Then I selectively allow those IP addresses I care about to connect to
those ports I want.

So for ssh, I have entries like:

# For sshd daemon.
# SSH_GOOD_GUYS is a placeholder name for the space-separated list of
# good guys for ssh.
for sip in $SSH_GOOD_GUYS; do
   $IPT -A IN_FIREWALL -p tcp -m state --state NEW \
       -s "$sip" --dport ssh -j ACCEPT
done

   .~.  Jean-David Beyer           Registered Linux User 85642.
   /V\                             Registered Machine   241939.
  /( )\ Shrewsbury, New Jersey
  ^^-^^ 07:25:00 up 2 days, 16:24, 5 users, load average: 2.05, 2.09, 2.08
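
The allow-list loop from the reply above, as an added example that is not part of the original post: it checks each entry as an IPv4 address or CIDR block before printing the rule, so a typo in the list is rejected instead of being passed to iptables. The `IPT` and `CHAIN` defaults, the function names and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example: IPT, CHAIN, the function names and the sample addresses
# (constructed, from documentation ranges) are assumptions, not from the post.
IPT="${IPT:-iptables}"
CHAIN="${CHAIN:-IN_FIREWALL}"

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/}
             case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case $addr in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray characters, empty octets
        0[0-9]*|*.0[0-9]*) return 1 ;;      # leading zeros (ambiguous octal)
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                            # split into octets on the dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one ACCEPT rule per valid address, in the form used in the post.
# Invalid entries are reported on stderr and make the function return 1,
# so a typo in the list is caught before anything is handed to iptables.
ssh_allow_rules() {
    rc=0
    for sip in "$@"; do
        if valid_ipv4 "$sip"; then
            echo "$IPT -A $CHAIN -p tcp -m state --state NEW -s $sip --dport ssh -j ACCEPT"
        else
            echo "skipping invalid address: $sip" >&2
            rc=1
        fi
    done
    return $rc
}

# Dry run: print the rules for a constructed allow-list.
ssh_allow_rules 192.0.2.10 198.51.100.0/24
```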