Re: allow login from specific address
- From: comphelp@xxxxxxxxx (Todd H.)
- Date: 20 Sep 2006 09:31:36 -0500
Sylvain Ferriol <sferriol@xxxxxxx> writes:
hello
i want to config a ssh gateway between internet and my intranet:
the specifications are:
- a user from internet can not login the ssh_gateway
- some users (admins) from intranet can login the ssh_gateway
how can i do that ?
can i allow sshd to accept login only from an ip address range ?
is it more secure to only accept port forwarding on ssh_gateway ?
TCP Wrappers rather than an sshd config is the place to do this.
THe 30 second tutorial, assuming it's installed:
edit /etc/hosts.deny
Make this the one and only line:
sshd: ALL
Or, if you want to get more restrictive and don't host external
services on the box make that:
ALL:ALL
which denies everything by default except things specifically
allowed.
Next, edit /etc/hosts.allow
Add lines
sshd: ip.address.to.allow.here
sshd: ip.address2.to.allow.here
sshd: ip.address3.to.allow.here
sshd: ip.address4.to.allow.here
sshd: intranet.mycompany.com
Man hosts.allow for more details and different ways to specify ip
ranges and subnets. If your intranet hosts reverse resolve to a
consistent name e.g. host123.intranet.mycompany.com, then sshd:
intranet.mycompany.com would be your hosts.allow entry.
Best Regards,
--
Todd H.
http://www.toddh.net/
.
- Follow-Ups:
- Re: allow login from specific address
- From: Sylvain Ferriol
- Re: allow login from specific address
- References:
- allow login from specific address
- From: Sylvain Ferriol
- allow login from specific address
- Prev by Date: allow login from specific address
- Next by Date: Re: allow login from specific address
- Previous by thread: allow login from specific address
- Next by thread: Re: allow login from specific address
- Index(es):
Relevant Pages
|
