Hi:
man 5 sshd_config
Edit /etc/ssh/sshd_config and add the following line:
AllowUsers [EMAIL PROTECTED]
ListenAddress directive is another way to achieve your purpose, but
iptables and tcp wrappers (hosts.allow hosts.deny) are also valid methods.
Bye
S.D.Allen escribió:
Greetings;
I
On 2008-09-22, Jason Voorhees [EMAIL PROTECTED] wrote:
Hi:
man 5 sshd_config
Edit /etc/ssh/sshd_config and add the following line:
AllowUsers [EMAIL PROTECTED]
ListenAddress directive is another way to achieve your purpose, but
iptables and tcp wrappers (hosts.allow hosts.deny) are
Greetings;
I can seem to figure out which config file to edit and what to enter
to allow only hosts on the LAN to connect via SSH. I'll have the box
in question available to the entire Internet and want to disable
global access to SSH. Presently I'm using password authentication, and
would prefer
S.D.Allen wrote:
Greetings;
I can seem to figure out which config file to edit and what to enter
to allow only hosts on the LAN to connect via SSH. I'll have the box
in question available to the entire Internet and want to disable
global access to SSH. Presently I'm using password
Well, one option is to just set a rule-pair in your firewall:
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
That way connections from the internal network are accepted; all other
traffic to the ssh port is dropped. If you go this
You might also have a look at hosts.allow and hosts.deny
(http://linux.about.com/od/commands/l/blcmdl5_hostsal.htm is just the
first google result; the man pages certainly have more info, but I
don't use hosts.* myself so I can only really provide a pointer). I'm
not sure that really adds
Lubos Vrbka wrote:
you can put more or less anything on the line and control who's allowed
to connect (man hosts.deny). i'd say it is straightforward and works
immediatelly without a need to (re)configure a firewall.
You mean people actually still use tcp wrappers after all these
years? :)
On 09/19/2008 12:32 PM, Lubos Vrbka wrote:
well, if i understood the question correctly, this should do.
put to file /etc/hosts.allow:
ALL:ALL
put to file /etc/hosts.deny:
sshd: .your.domain.com allowed_ip_addresses allowed_networks
allowed_hostnames
you can put more or less anything on the
On 2008-09-19, Mumia W.. [EMAIL PROTECTED] wrote:
On 09/19/2008 12:32 PM, Lubos Vrbka wrote:
well, if i understood the question correctly, this should do.
put to file /etc/hosts.allow:
ALL:ALL
put to file /etc/hosts.deny:
sshd: .your.domain.com allowed_ip_addresses allowed_networks
On 2008-09-19, Jeff Soules [EMAIL PROTECTED] wrote:
Well, one option is to just set a rule-pair in your firewall:
iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
Good suggestion. I think I'll try all 3 suggestions.
Thanks to Nate as
10 matches
Mail list logo