Re: bar root login from any but 192.168.0/16
From: Nico Kadel-Garcia (nkadel_at_comcast.net)
Date: Sat, 14 Aug 2004 17:48:08 -0400
"Harry Putnam" <firstname.lastname@example.org> wrote in message
> How can I bar root login via ssh but only from somewhere besides my
> local network?
> My ssh server sits behind a nat'ed firewall. I'd like to keep any
> root logins from the internet from happening but allow them from

The easy way is to use a different port for external, Internet-based logins
by using a separate init script with a separate sshd_config file, and if you
wish to allow user access from the Internet at large, port-forward from your
external NAT'ed IP address and port (such as the standard SSH port 22) to
your internal server on the alternative port. This will be invisible to your
users, protect your root-accessible port from external access, and is very
simple to configure.
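
The two-daemon layout described in the reply above, as an added example that is not part of the original post: constructed config files for an internal and an external sshd, plus a check that the forwarded daemon refuses root and does not collide with the internal one. Port 2222, the file names, the pid file paths and the helper names `effective` and `check_split` are assumptions; the check assumes one `Port` line per file and no `Match` blocks.

```shell
#!/bin/sh
# Added example with constructed configs; ports, paths and names are assumptions.
WORK=$(mktemp -d)

# Internal daemon: LAN clients connect directly on port 22; root is allowed.
cat > "$WORK/sshd_config.internal" <<'EOF'
Port 22
PermitRootLogin yes
PidFile /var/run/sshd-internal.pid
EOF

# External daemon: the NAT firewall forwards its public port 22 to this port.
cat > "$WORK/sshd_config.external" <<'EOF'
Port 2222
PermitRootLogin no
PidFile /var/run/sshd-external.pid
EOF

# Print the value sshd would use for a keyword: keywords are matched
# case-insensitively and the first occurrence wins, so stop at the first match.
effective() {  # usage: effective FILE KEYWORD
    awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# Succeed only if the forwarded daemon refuses root outright and shares
# neither a listening port nor a pid file with the internal daemon.
check_split() {  # usage: check_split INTERNAL_CFG EXTERNAL_CFG
    int_port=$(effective "$1" Port)
    ext_port=$(effective "$2" Port)
    # An absent PermitRootLogin is treated as a failure: the default varies by version.
    [ "$(effective "$2" PermitRootLogin)" = "no" ] ||
        { echo "external daemon may allow root"; return 1; }
    # An absent Port means the default, 22.
    [ "${int_port:-22}" != "${ext_port:-22}" ] ||
        { echo "both daemons use the same port"; return 1; }
    [ "$(effective "$1" PidFile)" != "$(effective "$2" PidFile)" ] ||
        { echo "pid files collide"; return 1; }
}

check_split "$WORK/sshd_config.internal" "$WORK/sshd_config.external" && echo "split OK"
```

Each daemon is started from its own init script with `sshd -f <file>`, and `sshd -t -f <file>` validates a file before the daemon is restarted. The firewall's port-forward must point at the external daemon's port only.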