Re: bar root login from any but 192.168.0/16

From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: 08/14/04

    Date: Sat, 14 Aug 2004 17:48:08 -0400
    
    

    "Harry Putnam" <reader@newsguy.com> wrote in message
    news:m3wu03vtx8.fsf@newsguy.com...
    > How can I bar root login via ssh but only from somewhere besides my
    > local network?
    >
    > My ssh server sits behind a nat'ed firewall. I'd like to keep any
    > root logins from the internet from happening but allow them from
    > my.local.net.

    The easy way is to use a different port for external, Internet based logins
    by using a separate init script with a separate sshd_config file, and if you
    wish to allow user access from the Internet at large, port-forward from your
    external NAT'ed IP address and port (such as the standard SSH port 22) to
    your internal server on the alternative port. This will be invisible to your
    users, protect your root accessible port from external access, and is very
    simple to configure.
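
The two-instance layout described in the reply above, sketched as an added example that is not part of the original message. The second file name, port 2222 and the PID file paths are assumptions; adjust them to the local system.

```conf
# ---- /etc/ssh/sshd_config : internal instance ----
# Reached only from the local network. The NAT device forwards nothing
# to this port, so root logins here cannot originate from the Internet.
Port 22
PermitRootLogin yes
PidFile /var/run/sshd.pid

# ---- /etc/ssh/sshd_config_external : second instance (hypothetical file name) ----
# Started by the separate init script with:
#     sshd -f /etc/ssh/sshd_config_external
# The NAT device forwards its public port 22 to port 2222 on this server,
# so Internet users still connect to the standard port.
Port 2222
PermitRootLogin no
PidFile /var/run/sshd_external.pid

# Syntax-check each file before (re)starting its daemon:
#     sshd -t -f /etc/ssh/sshd_config
#     sshd -t -f /etc/ssh/sshd_config_external
```

Each instance needs its own PidFile so the two init scripts stop and restart the right daemon. The layout holds only as long as the NAT device forwards to port 2222 and never to port 22 on the server.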

