LinuxQuestions.org


cK` 04-07-2010 04:03 PM

Problem with ssh listening address
 
Hello everyone,
First off, I would like to start by apologizing for marking a former thread identical to this one as solved. I should have posted a solution for everyone to see.

But apparently it's not solved, because I reinstalled Ubuntu Server recently and I am trying to get it to allow only one computer to access it.

So after doing this in /etc/ssh/:

sudo nano sshd_config


I uncomment #ListenAddress 0.0.0.0

Ok, so I am trying to access my server from a Windows machine, so I typed

ipconfig /all to find my ip

I found the IPv4 address and I put that address in like so:

ListenAddress 192.168.1.22

But when I try to connect it says connection refused.

Does anyone know what i am doing wrong?

ncsuapex 04-07-2010 04:09 PM

Not sure why you would uncomment the #ListenAddress line (I've never used it that way), but if you want to allow user access from just one IP you can use:

AllowUsers username@192.168.1.22

Also anytime you make changes to sshd_config you need to restart the ssh service.

Are you connecting to the server from 192.168.1.22? If you are connecting from outside the subnet, what you're trying to do won't work.


Edit:

According to the man pages for sshd_config:

"ListenAddress"

Specifies the local addresses sshd should listen on.


So changing that to your remote address (192.168.1.22) is not going to work.
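
As an added illustration of the point ncsuapex makes (this is not code from the thread): ListenAddress selects the address on the server that sshd binds to, so putting the client's address there produces exactly the "connection refused" described above, because sshd cannot bind an address the machine does not own and never listens. The shell snippet below builds two constructed sshd_config fragments, the poster's broken one and a corrected one that binds to the server's own address and restricts the client with AllowUsers, plus a small check that reports ListenAddress entries the server could not bind. The server address 192.168.1.10 and the account name ubuntuuser are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): why "ListenAddress <client IP>" gives
# "connection refused". ListenAddress is the SERVER's own address that sshd
# binds to; a client's address cannot be bound, so sshd logs a bind failure
# and never listens. The client is then restricted with AllowUsers instead.
# Addresses below are constructed: 192.168.1.22 is the Windows client (from
# the thread), 192.168.1.10 is assumed to be the Ubuntu server's LAN address.

BROKEN_CFG=$(mktemp); FIXED_CFG=$(mktemp)
trap 'rm -f "$BROKEN_CFG" "$FIXED_CFG"' EXIT

# What the original poster did: bound sshd to the client's address.
cat > "$BROKEN_CFG" <<'EOF'
Port 22
#ListenAddress ::
ListenAddress 192.168.1.22
PermitRootLogin no
EOF

# Corrected: bind to the server's own address, name the client in AllowUsers.
# The user part is the Ubuntu account on the server, not the Windows login.
cat > "$FIXED_CFG" <<'EOF'
Port 22
ListenAddress 192.168.1.10
AllowUsers ubuntuuser@192.168.1.22
EOF

# listen_addresses CONFIG: active ListenAddress values, one per line, with an
# IPv4 ":port" suffix stripped. Commented lines are skipped ("#ListenAddress").
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { sub(/:[0-9]+$/, "", $2); print $2 }' "$1"
}

# unbindable CONFIG "ADDR ADDR ...": every ListenAddress that is not one of
# this host's own addresses (passed in so the check runs offline; on a live
# server feed it the output of:  ip -4 -o addr | awk '{sub(/\/.*/, "", $4); print $4}').
# The wildcards 0.0.0.0 and :: are always bindable.
unbindable() {
    cfg=$1; local_addrs=" $2 "
    listen_addresses "$cfg" | while read -r a; do
        case "$a" in 0.0.0.0|::) continue ;; esac
        case "$local_addrs" in *" $a "*) ;; *) echo "$a" ;; esac
    done
}

# Demo: the server owns 127.0.0.1 and 192.168.1.10.
echo "broken config cannot bind: $(unbindable "$BROKEN_CFG" "127.0.0.1 192.168.1.10")"
echo "fixed config cannot bind:  $(unbindable "$FIXED_CFG" "127.0.0.1 192.168.1.10")"
```

On a live Ubuntu box, after editing, run `sudo sshd -t` to catch syntax errors and then restart the service (`sudo service ssh restart`), keeping your current session open until you have confirmed a new one works. Note that `sshd -t` does not try to bind sockets, so a non-local ListenAddress is not a syntax error; it only shows up when the daemon starts, as a bind failure in /var/log/auth.log.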

cK` 04-07-2010 04:40 PM

Hmm ok,

I do not know what "listens on" means.

I thought it meant what computer it will allow to connect, but I guess I am wrong.


When you say use the line

AllowUsers username@192.168.1.22

Do I put my Windows user name or Ubuntu? I am assuming it's my Windows one.

cK` 04-07-2010 04:45 PM

Actually, with windowsusername@192.168.1.22 I can't log in anymore; I get prompted for a username, then I type in the password, but it says access denied.

Oh, I also tried ubuntuUserName@ipForRemotePc; same thing, got locked out on all comps.

Sky.Crawler 04-07-2010 05:07 PM

Consider using Public Key Authentication.

If you set up the server with only one public key, you can stick the corresponding private key on the computer you want to have exclusive access to the server. That removes the problem of limiting the IP addresses.

If you set up public key authentication, then disable passwords, you also remove the risk of the SSH port being brute-forced.

cK` 04-07-2010 05:15 PM

I did that; I was reading through tutorials and it seemed they all suggested key authing and only allowing one IP to connect.

I am not familiar with what tools hackers use to get into servers, so I do not know if there is a way around key auth. I just thought I would restrict what IP ssh would let access. (Just another hump for a potential hacker.)


So yeah, what I want to do is lock down ssh as much as possible. I have done this so far:

1. Disabled root login
2. Changed standard port
3. Enabled key auth.
4. Disabled password login

And what I am having trouble with is

5. Make ssh only allow my personal PC to connect to it via PuTTY. (I don't even want it to allow other people to be given the option of PuTTYing in a username.)


Is key auth safe enough to rely on alone, without limiting the IPs that can connect?
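
Pulling the five steps together as an added example (not posted by anyone in the thread): a shell audit that reads an sshd_config and reports which of the steps listed above are missing, run against two constructed configs, a stock-looking one and a hardened one. Two practitioner caveats are encoded in it. First, with UsePAM yes, setting PasswordAuthentication no is not enough on older OpenSSH, because PAM keyboard-interactive can still prompt for a password unless ChallengeResponseAuthentication is also no. Second, the user part of an AllowUsers user@host pattern is the account on the Ubuntu server, and the host part is matched against the client's IP address (or its reverse-resolved name), which is also why a Windows login name there locks everyone out. Port 2222, the account name and the addresses are assumptions for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the five
# hardening steps listed in the post. Configs, port, account and addresses
# below are constructed for illustration.

WEAK_CFG=$(mktemp); HARD_CFG=$(mktemp)
trap 'rm -f "$WEAK_CFG" "$HARD_CFG"' EXIT

# Roughly what a freshly installed server looks like.
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
UsePAM yes
EOF

# Steps 1-5 applied. The AllowUsers account is the Ubuntu login, and the host
# part is the client PC's address.
cat > "$HARD_CFG" <<'EOF'
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AllowUsers ubuntuuser@192.168.1.22
EOF

# directive CONFIG NAME: value of the first uncommented NAME in the global
# section (sshd honours the first occurrence; names are case-insensitive).
# Directives inside Match blocks are conditional overrides, not audited here.
directive() {
    awk -v n="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        tolower($1) == "match" { exit }
        tolower($1) == n      { print $2; exit }
    ' "$1"
}

# audit CONFIG: print one FAIL line per missing step; exit status 0 only if
# every check passes.
audit() {
    cfg=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # 1. root login
    [ "$(directive "$cfg" PermitRootLogin)" = no ] || fail "PermitRootLogin is not 'no'"
    # 2. non-default port (absent means 22)
    p=$(directive "$cfg" Port)
    [ -n "$p" ] && [ "$p" != 22 ] || fail "Port is still 22"
    # 3. key auth (default is yes, so only an explicit 'no' fails)
    [ "$(directive "$cfg" PubkeyAuthentication)" != no ] || fail "PubkeyAuthentication is 'no'"
    # 4. password login; with UsePAM yes, keyboard-interactive can still ask
    #    for a password unless ChallengeResponseAuthentication is off too
    [ "$(directive "$cfg" PasswordAuthentication)" = no ] || fail "PasswordAuthentication is not 'no'"
    [ "$(directive "$cfg" ChallengeResponseAuthentication)" = no ] || fail "ChallengeResponseAuthentication is not 'no'"
    # 5. only one account from one client
    [ -n "$(directive "$cfg" AllowUsers)" ] || fail "AllowUsers is not set"
    [ "$fails" -eq 0 ]
}

echo "weak config:";     audit "$WEAK_CFG" || true
echo "hardened config:"; audit "$HARD_CFG" && echo "all checks pass"
```

Run it against the real file with `audit /etc/ssh/sshd_config` after `sudo sshd -t` reports the file as valid, and restart sshd with an existing session still open so a lock-out can be undone. Changing the port only hides sshd from the laziest scanners; steps 1, 3 and 4 are what actually stop password guessing.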

Sky.Crawler 04-07-2010 05:33 PM

Quote:

Originally Posted by cK` (Post 3927921)
Is key auth safe enough to rely on alone, without limiting the IPs that can connect?

Yes, as long as passwords are disabled, as you have done.

Check out TCP Wrappers if you want to continue with the IP setup.

These deal with two files:
/etc/hosts.allow
/etc/hosts.deny

.allow rules trump the .deny rules.

Go here and scroll down to 'hosts.allow and hosts.deny'.

By putting:

ALL : ALL

in the .deny file and:

sshd : 192.168.

in the .allow file, your LAN should be secure. The '192.168.' covers the range of your local LAN, in case your router gives out dynamic IP addresses.
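
To make the two rules above testable, here is an added shell re-implementation (not from the thread, and not tcpd's own code) of the relevant part of libwrap's matching: hosts.allow is consulted first and a match grants access, hosts.deny is consulted next and a match refuses, and anything unmatched in both files is allowed; a client pattern with a trailing dot such as 192.168. is a prefix match on the client address, and ALL matches anything. The files and client addresses are constructed for the example; the EXCEPT operator, net/mask patterns, hostnames and the KNOWN/LOCAL keywords are not implemented.

```shell
#!/bin/sh
# Added example (not from the thread): how tcpd/libwrap evaluates hosts.allow
# and hosts.deny for the two rules posted, so that "allow trumps deny" and
# the trailing-dot prefix pattern can be checked offline. Sample files and
# client addresses are constructed.

ALLOW=$(mktemp); DENY=$(mktemp)
trap 'rm -f "$ALLOW" "$DENY"' EXIT
printf 'sshd : 192.168.\n' > "$ALLOW"   # the posted hosts.allow rule
printf 'ALL : ALL\n'       > "$DENY"    # the posted hosts.deny rule

# host_match PATTERN ADDR: 0 if ADDR matches one libwrap client pattern.
#   ALL        -> any client
#   192.168.   -> trailing dot: prefix match on the address
#   a.b.c.d    -> exact address
# Not handled: net/mask, hostnames, KNOWN/LOCAL/PARANOID, EXCEPT.
host_match() {
    pat=$1; addr=$2
    case "$pat" in
        ALL) return 0 ;;
        *.)  case "$addr" in "$pat"*) return 0 ;; esac ;;
        *)   [ "$pat" = "$addr" ] && return 0 ;;
    esac
    return 1
}

# file_match FILE DAEMON ADDR: 0 if any "daemons : clients" line matches.
file_match() {
    f=$1; daemon=$2; addr=$3
    while IFS= read -r line; do
        case "$line" in ''|\#*) continue ;; esac
        daemons=${line%%:*}; clients=${line#*:}
        dm=1
        for d in $daemons; do
            if [ "$d" = ALL ] || [ "$d" = "$daemon" ]; then dm=0; fi
        done
        [ $dm -eq 0 ] || continue
        for c in $clients; do
            if host_match "$c" "$addr"; then return 0; fi
        done
    done < "$f"
    return 1
}

# wrappers_decision DAEMON ADDR: "allow" or "deny", in libwrap's order.
wrappers_decision() {
    if file_match "$ALLOW" "$1" "$2"; then echo allow
    elif file_match "$DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

echo "sshd from 192.168.1.22: $(wrappers_decision sshd 192.168.1.22)"
echo "sshd from 10.0.0.5:     $(wrappers_decision sshd 10.0.0.5)"
echo "vsftpd from 192.168.1.22: $(wrappers_decision vsftpd 192.168.1.22)"
```

Whether sshd reads these files at all depends on it being linked against libwrap; check with `ldd "$(command -v sshd)" | grep libwrap`. Upstream OpenSSH removed TCP-wrappers support in 6.7, and distributions have since dropped it too, so on a current Ubuntu release hosts.allow usually has no effect on sshd and the same restriction belongs in sshd_config (AllowUsers user@192.168.1.22, or a Match Address block) or in the firewall.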

