From: luke@techfreak.org
To: linux-admin@vger.kernel.org
Subject: Re: Re[2]: SSH allow only form selected IP'
Date: Sat, 14 Aug 2004 06:52:19 -0500 (CDT)
Message-ID: <1066.66.189.78.234.1092484339.squirrel@srv01.scriptgods.com>

One very effective way that I have found to do this is to use the
'hosts.allow' file located at /etc/hosts.allow

OpenSSH uses this to restrict or allow access to the server by IP,
host name, etc. Keep in mind that using this method can restrict
access to the server using ANY method. To restrict only SSH you must
then also ALLOW all other system methods.

For instance, to block access to the server from any IP except
216.12.214.217, but allow all IPs to access the server using FTP,
use this syntax:

-------------------------------

ALL : 216.12.214.217 : ALLOW

vsftpd : ALL

ALL : ALL : DENY

--------------------------------

Basically, this says: allow 216.12.214.217 access of any kind, allow
anyone to access using vsftpd, and deny all others.

One other important note: hosts.allow only blocks or allows access
to system services such as SSH, FTP, HTTPD, etc. This will not
restrict access to a non-standard service such as a game server or
chat software running on port 10000.

Luke


>>>
>>>I have a Red Hat Enterprise 3 Linux box. How can I configure the SSH
>>>daemon to allow SSH connections only from selected IPs?
>>>
>>>I have 3 IP ranges that I need to allow; how can I do this?
>>>
>>>Thanks a lot,
>>>Kev
>>
>>>
>>Use your firewall rules.  Something like:
>>
>>iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -s 192.168.0.0/24 --dport 22 -j ACCEPT
>>iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d 192.168.0.0/24 --sport 22 -j ACCEPT
>>
>>Where 192.168.0.0/24 is the range you are allowing.
>
> Anyway, can I do this with the SSH config?
>
> Can I use the iptables rules for 2-3 IP ranges?
>
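To make the first-match behaviour of hosts.allow described above concrete, here is an added example that is not part of this thread: a small Python evaluator for a subset of the tcp_wrappers client syntax (ALL, an exact IP, a trailing-dot octet prefix such as 192.168.0., and net/mask; no EXCEPT, hostnames or hosts.deny). It is checked against the three rules in the post and against a constructed three-range rule set like the one Kev asked about.

```python
import ipaddress

# Constructed sample hosts.allow, mirroring the rules shown in the post.
HOSTS_ALLOW = """\
ALL : 216.12.214.217 : ALLOW
vsftpd : ALL
ALL : ALL : DENY
"""

# Constructed example for "several IP ranges, SSH only": two prefix/mask
# patterns on one line, then an explicit deny for everyone else.
THREE_RANGES = """\
sshd : 192.168.0. 10.0.0.0/255.0.0.0 172.16.5. : ALLOW
sshd : ALL : DENY
"""

def _client_matches(pattern, client_ip):
    """Subset of tcp_wrappers client patterns: ALL, exact IP, 'a.b.c.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):          # leading-octet prefix, e.g. 192.168.0.
        return client_ip.startswith(pattern)
    if "/" in pattern:                 # net/mask, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == client_ip

def _daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon

def hosts_access(rules_text, daemon, client_ip):
    """Return True if the given hosts.allow text grants 'daemon' to 'client_ip'.

    The first matching line wins; a line with no option grants access, which
    is the hosts.allow semantics (hosts.deny is not modelled here).
    """
    for raw in rules_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons, clients = fields[0].split(), fields[1].split()
        option = fields[2].upper() if len(fields) > 2 else "ALLOW"
        if any(_daemon_matches(d, daemon) for d in daemons) and \
           any(_client_matches(c, client_ip) for c in clients):
            return option != "DENY"
    return True   # no line matched: a real system would then consult hosts.deny
```

Note that, as the post says, this only affects services linked against libwrap; a service that does not consult hosts.allow is unaffected, which is why the iptables rules quoted above are the more general control.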
