Re: allow login from specific address
- From: Sylvain Ferriol <sferriol@xxxxxxx>
- Date: Wed, 20 Sep 2006 17:48:24 +0200
Todd H. wrote:
> Sylvain Ferriol <sferriol@xxxxxxx> writes:
>> hello
>> i want to config a ssh gateway between internet and my intranet:
>> the specifications are:
>> - a user from internet can not login the ssh_gateway
>> - some users (admins) from intranet can login the ssh_gateway
>> how can i do that ?
>> can i allow sshd to accept login only from an ip address range ?
>> is it more secure to only accept port forwarding on ssh_gateway ?
>
> TCP Wrappers rather than an sshd config is the place to do this.
> The 30 second tutorial, assuming it's installed:
> edit /etc/hosts.deny
> Make this the one and only line:
>     sshd: ALL

the problem is that i want to allow port forwarding from internet to intranet like this:
ssh -N -L 4444:foo_server:4444 sshd_gateway

> .
> Or, if you want to get more restrictive and don't host external
> services on the box make that:
>     ALL:ALL
> which denies everything by default except things specifically
> allowed.
> Next, edit /etc/hosts.allow
> Add lines
>     sshd: ip.address.to.allow.here
>     sshd: ip.address2.to.allow.here
>     sshd: ip.address3.to.allow.here
>     sshd: ip.address4.to.allow.here
>     sshd: intranet.mycompany.com
> Man hosts.allow for more details and different ways to specify ip
> ranges and subnets. If your intranet hosts reverse resolve to a
> consistent name e.g. host123.intranet.mycompany.com, then sshd:
> intranet.mycompany.com would be your hosts.allow entry.
> Best Regards,
> --
> Todd H.
> http://www.toddh.net/
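
The access decision discussed in this message, as an added example that is not part of the original thread: a simplified Python model of the hosts_access(5) lookup order (hosts.allow first, then hosts.deny, otherwise grant). The addresses, the net/mask rule and the leading-dot domain pattern are constructed for illustration; the model shows that a `sshd: ALL` deny refuses an internet client's connection to sshd itself, so an `ssh -N -L` forward from that client cannot be set up either.

```python
import ipaddress

# Constructed policy in the shape the thread describes (example addresses only).
HOSTS_ALLOW = """\
sshd: 192.0.2.10
sshd: 192.0.2.128/255.255.255.128
sshd: .intranet.mycompany.com
"""
HOSTS_DENY = "sshd: ALL\n"

def parse(text):
    """Yield (daemon_list, client_list) for each 'daemons : clients' rule."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = line.split(":")[:2]
            yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def client_matches(pattern, addr, name):
    """Match one client pattern against the peer address and its resolved name."""
    name = (name or "").lower()
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # address prefix such as "192.0.2."
        return addr.startswith(pattern)
    if pattern.startswith("."):      # domain suffix such as ".example.com"
        return name.endswith(pattern.lower())
    if "/" in pattern:               # net/mask pair
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)
    return pattern.lower() in (addr, name)

def decide(daemon, addr, name=None):
    """Allow on a hosts.allow match, deny on a hosts.deny match, else allow."""
    for verdict, text in (("allow", HOSTS_ALLOW), ("deny", HOSTS_DENY)):
        for daemons, clients in parse(text):
            if any(d in ("ALL", daemon) for d in daemons) and any(
                    client_matches(c, addr, name) for c in clients):
                return verdict
    return "allow"

if __name__ == "__main__":
    # Constructed peers: two intranet admins, one intranet host by name, one internet client.
    for addr, name in [("192.0.2.10", None), ("192.0.2.200", None),
                       ("198.51.100.5", "host123.intranet.mycompany.com"),
                       ("203.0.113.7", "client.example.net")]:
        print(addr, name, decide("sshd", addr, name))
```

The model takes the reverse-resolved name as an argument and does not perform the name/address cross-check that the real library can apply.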