Re: How to permit selective SSH access?
From: Gerard (DontWant_at_SP_aM.nl)
Date: Thu, 3 Jun 2004 15:39:06 +0200
On Thu, 03 Jun 2004 07:30:31 -0400, Jean-David Beyer scribbled:
> Reply-Via-Newsgroup Thanks wrote:
>> I have tried reading the 'man' page on ssh and attempted to configure
>> to only permit access to the server from a select number of IP addresses
>> however it doesn't work (meaning access is permitted from all IP
>> addresses regardless of origin).
>> I just placed the IP addresses in the above files - Can someone provide
>> me with some examples or suggest where I am going wrong?
>> Please reply via the newsgroup so all can learn,
>> Thanks in advance,
>> Randell D.
> I do it with iptables.
> I have iptables set up to deny access from anyone to anything.
> Then I selectively allow those IP addresses I care about to connect to
> those ports I want.
> So for ssh, I have entries like:
> # For sshd daemon.
> for sip in $[list of good guys for ssh]; do
> $IPT -A IN_FIREWALL -p tcp -m state --state NEW \
> -s $sip --dport ssh -j ACCEPT
I'd like to second this method. It seems to me that it's safer and more
likely to work, independent of tcpd, libwrapper or whatever. You tackle the
problem right at entry time.
Think I'll reconfigure mine like this also...
Tnx 4 the input.
-- GerardLinux ay tee filternet dee oo tee ann el ACHTUNG!! Das machinen is nicht fur gefingerpoken und mittengrabben. Ist easy schnappen der spingenwerk, blowenfusen und corkenpoppen mit spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das rubbernecken sightseeren keepen handen in das pockets. Relaxen und vatch das blinkenlights!!!