Re: How to permit selective SSH access?

From: Jean-David Beyer (jdbeyer_at_exit109.com)
Date: 06/03/04 

Date: Thu, 03 Jun 2004 07:30:31 -0400

Reply-Via-Newsgroup Thanks wrote:
>
> Folks,
>
> I have tried reading the 'man' page on ssh and attempted to configure
>
> /etc/ssh/hosts.equiv
> .shosts
>
> to only permit access to the server from a select number of IP addresses
> however it doesn't work (meaning access is permitted from all IP
> addresses regardless of origin).
>
> I just placed the IP addresses in the above files - Can someone provide
> me with some examples or suggest where I am going wrong?
>
> Please reply via the newsgroup so all can learn,
>
> Thanks in advance,
> Randell D.

I do it with iptables.

I have iptables set up to deny access from anyone to anything.

Then I selectively allow those IP addresses I care about to connect to
those ports I want.

So for ssh, I have entries like:

# For sshd daemon.
for sip in $[list of good guys for ssh]; do
   $IPT -A IN_FIREWALL -p tcp -m state --state NEW \
       -s $sip --dport ssh -j ACCEPT
done 

-- 
   .~.  Jean-David Beyer           Registered Linux User 85642.
   /V\                             Registered Machine   241939.
  /( )\ Shrewsbury, New Jersey     http://counter.li.org
  ^^-^^ 07:25:00 up 2 days, 16:24, 5 users, load average: 2.05, 2.09, 2.08

Relevant Pages

  • Re: How to permit selective SSH access?
    ... > only permit access to the server from a select number of IP addresses ... Forgive the self-promotion, but I do actually think it's relevant... ... I wanted to be able to access my computers via SSH from anywhere on the ... and my server is a 16MHz 68030 Macintosh). ...
    (comp.os.linux.networking)
  • Re: How to permit selective SSH access?
    ... > only permit access to the server from a select number of IP addresses ... Forgive the self-promotion, but I do actually think it's relevant... ... I wanted to be able to access my computers via SSH from anywhere on the ... and my server is a 16MHz 68030 Macintosh). ...
    (comp.os.linux.security)
  • Re: How to permit selective SSH access?
    ... > only permit access to the server from a select number of IP addresses ... Forgive the self-promotion, but I do actually think it's relevant... ... I wanted to be able to access my computers via SSH from anywhere on the ... and my server is a 16MHz 68030 Macintosh). ...
    (linux.redhat.misc)
  • Re: How to permit selective SSH access?
    ... >> I have tried reading the 'man' page on ssh and attempted to configure ... >> to only permit access to the server from a select number of IP ... > I have iptables set up to deny access from anyone to anything. ...
    (linux.redhat.misc)
  • Re: How to permit selective SSH access?
    ... >> I have tried reading the 'man' page on ssh and attempted to configure ... >> to only permit access to the server from a select number of IP ... > I have iptables set up to deny access from anyone to anything. ...
    (comp.os.linux.networking)