LinuxQuestions.org - Restrict sftp access and changing its port

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - Restrict sftp access and changing its port (https://www.linuxquestions.org/questions/linux-security-4/restrict-sftp-access-and-changing-its-port-796033/)

Restrict sftp access and changing its port

Hey,

I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.

Eg: users a can ssh from 192.168.*.*
user b can sftp from 200.*.*.*

how we can do this?

Quote:

Originally Posted by farooq.pathan (Post 3901859)

errm...couple of things.
you can only change the sftp port if you change the ssh port. you can do that in sshd_config

you can use iptables to limit from ip address
you can use /etc/security/access.conf to limit from ip address
you can use tcpwrappers since sshd has libwrap compiled in

Code:

ldd `which sshd` | grep wrap

        libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00159000)

forgot to add - once you have changed the sshd port, restart ssh and use

Code:

sftp -oPort=portnumber

for future sftp actions

If you use key based authentication, then you can add the ip address of each user to each users authorized_keys2 file.
This will limit connections to that account to that ip address.

Quote:

If you want to limit the connection for this key to your own hostname / ip address (client machine or for server to server) just add

host=xxx.xxx.xxx.xxx

before the ssh-rsa in ~/.ssh/authorized_keys2 , remembering to leave a space before ssh-rsa

(the x's being your ip or just enter your hostname if its real !)
ie

host=192.168.10.1 ssh-rsa pasteyourkeyhereexamplekeytextexamplekeytext your_key_name