LinuxQuestions.org
Old 03-17-2010, 09:16 AM   #1
farooq.pathan
Restrict sftp access and changing its port


Hey,

I tried changing the sftpserver port but it's not working. Besides, how can I restrict users from particular IPs?

E.g.: user a can ssh from 192.168.*.*
user b can sftp from 200.*.*.*

How can we do this?
 
Old 03-17-2010, 09:23 AM   #2
centosboy
Errm... a couple of things.
You can only change the sftp port if you change the ssh port. You can do that in sshd_config.

You can use iptables to limit by IP address.
You can use /etc/security/access.conf to limit by IP address.
You can use tcpwrappers, since sshd has libwrap compiled in.


Code:
ldd `which sshd` | grep wrap
        libwrap.so.0 => /usr/lib/libwrap.so.0 (0x00159000)
Forgot to add: once you have changed the sshd port, restart ssh and use

Code:
sftp -oPort=portnumber
for future sftp actions

 
Old 03-17-2010, 10:31 AM   #3
smoker
Senior Member
 
Registered: Oct 2004
Distribution: Fedora Core 4, 12, 13, 14, 15, 17
Posts: 2,279

Rep: Reputation: 250Reputation: 250Reputation: 250
If you use key-based authentication, then you can add the IP address of each user to each user's authorized_keys2 file.
This will limit connections to that account to that IP address.
Quote:
If you want to limit the connection for this key to your own hostname / IP address (client machine or for server to server) just add

host=xxx.xxx.xxx.xxx

before the ssh-rsa in ~/.ssh/authorized_keys2, remembering to leave a space before ssh-rsa

(the x's being your IP, or just enter your hostname if it's real!)
i.e.

host=192.168.10.1 ssh-rsa pasteyourkeyhereexamplekeytextexamplekeytext your_key_name
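
The policy asked about at the top of this thread, written with OpenSSH's own configuration options; this is an added example and not part of any poster's reply. The account names a and b come from the question, while port 2222, the client label and the key text are placeholders chosen for illustration.

```conf
# --- /etc/ssh/sshd_config (fragment) ---
# sftp is a subsystem of sshd, so this one port serves both ssh and sftp.
# 2222 is an arbitrary example value.
Port 2222

# Serve sftp from inside sshd itself. This replaces any existing
# "Subsystem sftp ..." line; sshd rejects a config that defines it twice.
Subsystem sftp internal-sftp

# USER@HOST patterns: the account name and the client address must both match.
# Once AllowUsers is set, every account not listed here is refused.
AllowUsers a@192.168.* b@200.*

# Match blocks go at the end of the file; each applies until the next Match line.
Match User b
    # b gets file transfer only: any requested shell or command is replaced
    # by the in-process sftp server.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no

# --- ~b/.ssh/authorized_keys (one line per key) ---
# Optional second layer for key-based logins: the key is accepted only when
# the client address matches the from= pattern. Key text is a placeholder.
from="200.*" ssh-rsa <base64-public-key> b@client
```

Check the file with `sshd -t` before restarting sshd, and keep an existing session open until a new login on the new port succeeds.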
 
  

