how to configure ssh to allow login from only specific ip's


Post by small^one » Tue May 29, 2007 6:31 pm

aslam-o-alaikum

I want to allow a system on the network to access my system through ssh, but the main problem is that the other users will also try to access my system through ssh. How could I make my ssh allow login from only specific users, I mean specific IPs?

Best regards
Imran Ali :D
Allah is Great . . . .

Re: how to configure ssh to allow login from only specific i

Post by lambda » Tue May 29, 2007 7:43 pm

small^one wrote: how could I make my ssh allow login from only specific users, I mean specific IPs

be exact about what you want. access by specific users is a very different thing from access by specific ips.

the two general ways of restricting access to certain ips are to use the /etc/hosts.{allow,deny} files, or iptables. for iptables, you need to add entries to the INPUT chain to allow access from certain ips, and to deny all other access, like so:

Code:

iptables -A INPUT -m tcp -p tcp -s 192.168.1.10 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.12 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s 192.168.1.24 --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j REJECT

don't forget to save your rules.

the other solution is to edit /etc/hosts.allow and list the ips there:

Code:

sshd: 192.168.1.10, 192.168.1.12, 192.168.1.24

and then edit /etc/hosts.deny and deny all other hosts:

Code:

sshd: ALL
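An added example, not part of lambda's post: because `-A` appends to the end of the INPUT chain, an ACCEPT rule already in the chain is matched first and can leave port 22 open to every source. This sketch audits `iptables -S INPUT` output for that case; the function names `audit_ssh_rules` and `sample_rules` and the rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_ssh_rules reads `iptables -S INPUT` output on stdin and
# prints "OK <allowed sources>" or "FAIL <reason>"; exit status matches.
# Limits (assumptions of this sketch): IPv4 filter table, port 22 only,
# no multiport, ipset or user-defined chain handling.
audit_ssh_rules() {
  awk '
    function opt(name,   i) {            # value that follows option `name`
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" || closed || bad != "" { next }
    {
      target = opt("-j"); src = opt("-s"); port = opt("--dport"); proto = opt("-p")
      wide = (port == "" && opt("-i") == "" && opt("-m") == "" && (proto == "" || proto == "tcp"))
      if (port != "22" && !wide) next         # rule cannot decide a new SSH connection
      if ($0 ~ / ! /)
        bad = "line " NR " uses a negated match, review it by hand"
      else if (target == "ACCEPT" && src == "")
        bad = "line " NR " accepts SSH from any source"
      else if (target == "ACCEPT")
        allowed = (allowed == "" ? src : allowed " " src)
      else if ((target == "REJECT" || target == "DROP") && src == "")
        closed = 1                             # catch-all deny reached, stop here
    }
    END {
      if (bad == "" && !closed && policy != "DROP")
        bad = "no catch-all REJECT/DROP for SSH and INPUT policy is not DROP"
      if (bad == "" && allowed == "")
        bad = "no source address is allowed to reach SSH"
      if (bad != "") { print "FAIL " bad; exit 1 }
      print "OK " allowed
    }'
}

# Constructed listing: the four rules from the post as `iptables -S INPUT` prints them.
sample_rules() {
  cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -s 192.168.1.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.12/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.1.24/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_rules | audit_ssh_rules   # on a live host (as root): iptables -S INPUT | audit_ssh_rules
```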

Re: how to configure ssh to allow login from only specific i

Post by small^one » Thu May 31, 2007 11:56 pm

Thx

It really helped me a lot to manage my network. As some users were trying to access my system through ssh, now it is ok


thx again

Best regards;
Muhammad imran ali
Allah is Great . . . .

Post by ranatanveer » Sat Jun 02, 2007 11:01 am

Dear Lambda
AOA

I appreciate the way you convey your knowledge.
Regards

Rana Tanveer