SSH Security

Michael Anaya mianaya at edatatrace.com
Fri Oct 1 17:31:07 UTC 2004


From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com]
On Behalf Of Alexey Fadyushin
Sent: Thursday, September 30, 2004 10:02 AM
To: ddelao at oucpm.org; General Red Hat Linux discussion list
Subject: Re: SSH Security

You should use option AllowUsers in file /etc/ssh/sshd_config. This option
lists the names of users which are allowed to connect via ssh and host
from which they are allowed to connect.  For example:
AllowUsers *@192.168.11.1
should allow any user to connect from host 192.168.11.1. Connections
from other addresses will not succeed.

Also you can use files /etc/hosts.allow and/or /etc/hosts.deny which 
define restrictions for connections to daemons which use libwrap (SSH 
does use it).

It is also possible to filter incoming connections to port ssh with 
iptables, so the packets from any hosts not allowed to connect to SSH 
will be dropped.

Alexey Fadyushin.
Brainbench MVP for Linux
http://www.brainbench.com

Darryl W. DeLao Jr. wrote:
> How can I tell the SSH server to only allow certain IP's the ability to
> login?


AllowUsers is a list of local user accounts allowed to ssh in.
AllowUsers username1 username2 username3

The option you are looking for:
ListenAddress ###.###.###.###:port

Both supported using protocol 2


HTH
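
A small checker for the AllowUsers USER@HOST pattern form mentioned in the thread, added here as an example and not code from any of the posters. The names allowusers_permits and sample_config and the sample addresses other than 192.168.11.1 are constructed, and the matcher assumes only '*' and '?' wildcards compared against the client address string.

```shell
#!/bin/sh
# Added example. Simplified AllowUsers matcher: '*' and '?' wildcards only
# (assumption: no '!' negation, CIDR, hostnames or Match blocks).

# allowusers_permits FILE USER ADDR -> status 0 if admitted, 1 if refused
allowusers_permits() {
    file=$1; user=$2; addr=$3; seen=0
    # The keyword is case-insensitive; several AllowUsers lines accumulate.
    while read -r key rest || [ -n "$key" ]; do
        case $(printf '%s' "$key" | tr '[:upper:]' '[:lower:]') in
            allowusers) seen=1 ;;
            *) continue ;;
        esac
        set -f    # split $rest into patterns without globbing against files
        for pat in $rest; do
            case $pat in
                *@*) upat=${pat%@*}; hpat=${pat##*@} ;;   # USER@HOST form
                *)   upat=$pat; hpat='*' ;;               # bare user name
            esac
            # Unquoted variables in a case pattern are matched as globs.
            case $user in $upat) ;; *) continue ;; esac
            case $addr in $hpat) set +f; return 0 ;; esac
        done
        set +f
    done < "$file"
    # With no AllowUsers line at all, this list restricts nobody.
    [ "$seen" -eq 0 ]
}

# Constructed sample configuration (not taken from the thread's systems).
sample_config() {
    cat <<'EOF'
Port 22
AllowUsers *@192.168.11.1
allowusers backup@10.0.0.?
EOF
}

cfg=$(mktemp) && sample_config > "$cfg"
for who in "root 192.168.11.1" "root 192.168.11.10" \
           "backup 10.0.0.5" "alice 10.0.0.5"; do
    set -- $who
    if allowusers_permits "$cfg" "$1" "$2"; then v=allow; else v=deny; fi
    echo "$1 from $2: $v"
done
rm -f "$cfg"
```

Run against a copy of the real file, and use `sshd -t` to confirm the daemon itself accepts the configuration before reloading it.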






