LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Restrict sftp access and changing its port (http://www.linuxquestions.org/questions/linux-security-4/restrict-sftp-access-and-changing-its-port-796033/)

farooq.pathan 03-17-2010 09:16 AM

Restrict sftp access and changing its port
 
Hey,

I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.

Eg: users a can ssh from 192.168.*.*
user b can sftp from 200.*.*.*

how we can do this?

centosboy 03-17-2010 09:23 AM

Quote:

Originally Posted by farooq.pathan (Post 3901859)
Hey,

I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.

Eg: users a can ssh from 192.168.*.*
user b can sftp from 200.*.*.*

how we can do this?

errm...couple of things.
you can only change the sftp port if you change the ssh port. you can do that in sshd_config

you can use iptables to limit from ip address
you can use /etc/security/access.conf to limit from ip address
you can use tcpwrappers since sshd has libwrap compiled in


Code:

ldd `which sshd` | grep wrap
        libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00159000)

forgot to add - once you have changed the sshd port, restart ssh and use

Code:

sftp -oPort=portnumber
for future sftp actions

smoker 03-17-2010 10:31 AM

If you use key based authentication, then you can add the ip address of each user to each users authorized_keys2 file.
This will limit connections to that account to that ip address.
Quote:

If you want to limit the connection for this key to your own hostname / ip address (client machine or for server to server) just add

host=xxx.xxx.xxx.xxx

before the ssh-rsa in ~/.ssh/authorized_keys2 , remembering to leave a space before ssh-rsa

(the x's being your ip or just enter your hostname if its real !)
ie

host=192.168.10.1 ssh-rsa pasteyourkeyhereexamplekeytextexamplekeytext your_key_name


All times are GMT -5. The time now is 02:55 PM.