With a default OpenSSH installation, SSH accepts connections from any client. Access can be restricted so that SSH is allowed only from certain hosts and IP addresses, which reduces unauthorized SSH login attempts by limiting connections to known hosts and IP addresses.
SSH Access Restrictions via TCP Wrapper
Step One
1. Back up and modify /etc/hosts.allow
# nano -w /etc/hosts.allow
Allow and Deny SSH Access to Specific Hosts / IP Addresses
To allow SSH access from IP address 83.83.83.83, modify /etc/hosts.allow to contain the line below
sshd: 83.83.83.83
Access is granted when both parts of the rule match. TCP wrappers allow the connection if the requested service is SSH (sshd) and the requesting connection comes from IP address 83.83.83.83.
To allow SSH access from all hosts and subdomains that are part of the parent domain yahoo.com
sshd: .yahoo.com
To grant SSH access to multiple IP addresses, append the addresses on the same line as shown
sshd: 83.83.83.83 127.0.0.1 83.83.83.84 192.168.1.1
To allow SSH access from every IP address that starts with a given prefix
sshd: 192.168.
To allow SSH access using a network address and netmask
sshd: 192.168.1.0/255.255.255.0
To use an asterisk (*) wildcard in /etc/hosts.allow
sshd: *.yahoo.com
To specify a large set of IP addresses and known hosts from a file
sshd: /etc/allowed.txt
To specify multiple hosts and IP addresses with an exemption, use the TCP wrapper EXCEPT operator
sshd: .yahoo.com EXCEPT search.yahoo.com
To allow access to everyone under the yahoo.com domain except 83.83.83.83
sshd: *.yahoo.com EXCEPT 83.83.83.83
To specify multiple SSH access restrictions on separate lines
sshd: 111.111.111.111
sshd: 222.222.222.222
If the above access list rules appear in /etc/hosts.allow, TCP wrappers allow the request. If the same lines appear in /etc/hosts.deny, TCP wrappers deny the request.
Step Two
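To deny all other SSH access except from the hosts listed in /etc/hosts.allow, back up and modify the /etc/hosts.deny file. Each rule is written as the daemon name followed by the client list, so the rule that denies every remaining SSH client is
sshd: ALL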
Save and exit.
All is done.
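The evaluation order described above (hosts.allow first, then hosts.deny, access granted when neither matches) can be checked offline with a small evaluator. This is an added example, not code from the original post or from the TCP wrappers project; the function names are hypothetical, and it handles only ALL, leading-dot domains, trailing-dot prefixes, net/mask, exact matches and EXCEPT, not file patterns or `*` wildcards. It also shows why field order in /etc/hosts.deny matters: `sshd: ALL` denies every client not matched in hosts.allow, while the reversed `ALL: sshd` matches only a client named sshd.

```python
import ipaddress

def host_match(pat, ip, name):
    """Match one client pattern against the client IP and its resolved host name."""
    if pat == "ALL":
        return True
    if pat.startswith("."):            # .yahoo.com -> any host under the domain
        return name.endswith(pat)
    if pat.endswith("."):              # 192.168.   -> address prefix
        return ip.startswith(pat)
    if "/" in pat:                     # 192.168.1.0/255.255.255.0 -> net/mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=False)
    return pat in (ip, name)           # exact address or host name

def list_match(tokens, ip, name):
    """'A EXCEPT B' matches when A matches and B does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_match(tokens[:i], ip, name) and not list_match(tokens[i + 1:], ip, name)
    return any(host_match(t, ip, name) for t in tokens)

def file_matches(rules, daemon, ip, name):
    """True if any 'daemon_list: client_list' line matches this daemon and client."""
    for line in rules.splitlines():
        daemons, sep, clients = line.split("#")[0].partition(":")
        if sep and {daemon, "ALL"} & set(daemons.split()) \
                and list_match(clients.split(), ip, name):
            return True
    return False

def allowed(allow, deny, daemon, ip, name=""):
    """hosts.allow is checked first, then hosts.deny; no match in either grants access."""
    if file_matches(allow, daemon, ip, name):
        return True
    return not file_matches(deny, daemon, ip, name)

# Constructed sample rules, using the addresses and domain from the article.
ALLOW = """\
sshd: 83.83.83.83
sshd: 192.168.1.0/255.255.255.0
sshd: .yahoo.com EXCEPT search.yahoo.com
"""
DENY_ALL_SSH = "sshd: ALL"   # daemon first, clients second
DENY_REVERSED = "ALL: sshd"  # every daemon, but only a client named "sshd"

if __name__ == "__main__":
    for ip, name in [("83.83.83.83", ""), ("192.168.1.77", ""),
                     ("203.0.113.9", ""), ("198.51.100.5", "search.yahoo.com")]:
        print(ip, name, allowed(ALLOW, DENY_ALL_SSH, "sshd", ip, name),
              allowed(ALLOW, DENY_REVERSED, "sshd", ip, name))
```

sshd reads these files only when it is built with TCP wrapper (libwrap) support, which upstream OpenSSH removed in release 6.7; `ldd "$(command -v sshd)" | grep libwrap` shows whether a given build still has it.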
Friday, July 25, 2008
How To Allow and Deny SSH Access To Selected Hosts and IP Addresses