LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-30-2004, 01:12 AM   #1
Beans0063
LQ Newbie
 
Registered: Sep 2004
Posts: 1

Rep: Reputation: 0
restrict ssh logins by ip by user account


I have a question I hope someone can help me with. I am trying to restrict ssh logins for a particular user account to a group of ip addresses. I don't my other user accounts to be restricted in this way. Does anyone one if this is possible?

Thank you for the help.
 
Old 09-30-2004, 01:58 PM   #2
craig34
LQ Newbie
 
Registered: Sep 2004
Distribution: FreeBSD
Posts: 8

Rep: Reputation: 0
Re: restrict ssh logins by ip by user account

Quote:
Originally posted by Beans0063
I have a question I hope someone can help me with. I am trying to restrict ssh logins for a particular user account to a group of ip addresses. I don't my other user accounts to be restricted in this way. Does anyone one if this is possible?

Thank you for the help.
I would also be interested in doing this, if anyone has any suggestions.
 
Old 09-30-2004, 02:13 PM   #3
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 31
Read:

man sshd_config

Choose the options you like and then edit your:

/etc/ssh/sshd_config





I usually change the port mine listens on, alow only protocol 2, allow only a special group to login (of which the only users in that group are my wife and I), and disable root logins (you can always "su").


Have fun, be safe

I'm having a little trouble under standing the question. Are you trying to restrict certain users or a range of IP's?

Last edited by flashingcurser; 09-30-2004 at 02:16 PM.
 
Old 09-30-2004, 02:22 PM   #4
craig34
LQ Newbie
 
Registered: Sep 2004
Distribution: FreeBSD
Posts: 8

Rep: Reputation: 0
Quote:
Originally posted by flashingcurser
...disable root logins (you can always "su").
I was under the impression that if I disabled a root login, that certain programs would not be able to function properly any longer.
 
Old 10-04-2004, 01:29 PM   #5
flashingcurser
Member
 
Registered: Jan 2003
Distribution: many win/nix/mac
Posts: 259

Rep: Reputation: 31
SU, as far as I know, is the same as actually logging in as root.

The only thing I know that may not work is running scripts that have password-less logins that require root access. (for example some automatic rsync backup scripts are set up this way)

If you simply need a root command prompt on a remote machine, SU works great. It is far safer to disable root logins. The reason is that, one-- they have to guess a valid user name, two -- they have to brute force 2 passwords (the user that they guessed and the root password -- dont let anyone give ya the finger, disable finger).


Have fun and be safe


Dan

 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
dissallow user account logins..?? snip128 Linux - Newbie 1 08-12-2005 02:07 AM
restrict/allow ssh users mike30188 Linux - Security 2 06-20-2005 08:37 PM
How to restrict the ssh operation for one user fidelis Linux - Security 2 09-13-2004 02:37 AM
SSH and SCP user logins sopiaz57 Linux - Security 11 01-27-2004 09:38 PM
User account and SSH: I need advices... Zingaro2002 Linux - Security 8 10-31-2003 04:50 AM


All times are GMT -5. The time now is 03:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration