LinuxQuestions.org
Old 08-27-2004, 01:57 AM   #1
robberttheman
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Rep: Reputation: 0
securing ssh


Hi there, I have SSH running and I'd like to secure this to some IPs only. Could someone tell me where I can make such exceptions? So just for my IP address an ALLOW.
DENY FROM ALL
ALLOW FROM myip
ALLOW FROM another IP
etc

Hope someone can help,

Kind regards Robbert
 
Old 08-27-2004, 03:43 AM   #2
wrongman
Member
 
Registered: May 2004
Location: Italy
Distribution: Debian Unstable 64bit
Posts: 99

Rep: Reputation: 15
I made it with iptables, pretty rude but it works.
Allowed on port 22 only the IP I want.
 
Old 08-27-2004, 03:44 AM   #3
iainr
Member
 
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631

Rep: Reputation: 30
In /etc/hosts.allow and /etc/hosts.deny. Google on TCP Wrappers for more configuration information.
 
Old 08-27-2004, 03:45 AM   #4
robberttheman
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Original Poster
Rep: Reputation: 0
Hey, I am a newbie, would you care to explain or know a nice howto for this?

Thx in advance,

Robbert
 
Old 08-27-2004, 03:46 AM   #5
robberttheman
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by iainr
In /etc/hosts.allow and /etc/hosts.deny. Google on TCP Wrappers for more configuration information.
Ok, but if I use this, it won't affect a webserver or any other ports? I will try to google on that, thx

Robbert
 
Old 08-27-2004, 04:23 AM   #6
bruj3w
Member
 
Registered: Mar 2004
Location: england
Distribution: slackware
Posts: 164

Rep: Reputation: 30
I used iptables to do it.

iptables -A INPUT -p tcp -s ipaddress -m mac --mac macaddress --dport 22 -j ACCEPT

You can leave the -m mac --mac macaddress bit out. It will make things a little more secure though.

You can edit /etc/sshd_config and disable root login; you could also run it on a different port number, anything above 1024.
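
The rule in the post above only appends an ACCEPT; other sources are blocked only if something later in the INPUT chain (or the chain policy) drops them. As an added example that is not part of the original post, this script prints, without executing, an allowlist rule set for port 22 that ends in an explicit DROP. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not execute) iptables rules that allow SSH only
# from an allowlist. The addresses used below are constructed samples.

SSH_PORT=22

# Return 0 if $1 is a dotted-quad IPv4 address with each octet 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for the given allowlist. The ACCEPT rules come first
# and the catch-all DROP for the SSH port comes last: -A appends to the
# chain and iptables acts on the first rule that matches a packet.
ssh_allowlist_rules() {
    if [ "$#" -eq 0 ]; then
        echo "refusing: an empty allowlist would block all SSH access" >&2
        return 1
    fi
    # Validate everything before printing anything, so a bad entry can
    # never produce a partial rule set.
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "refusing: '$ip' is not an IPv4 address" >&2
            return 1
        fi
    done
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp -s $ip --dport $SSH_PORT -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $SSH_PORT -j DROP"
}

# Dry run with constructed addresses; review the output before running
# the printed commands as root.
ssh_allowlist_rules 192.0.2.10 198.51.100.7
```

Apply the printed commands from a console session or keep an existing SSH session open while testing, since a wrong allowlist entry locks out remote access.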
 
Old 08-27-2004, 04:25 AM   #7
robberttheman
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Original Poster
Rep: Reputation: 0
Gr8 thx 4 your help, I will try this....
 
Old 08-27-2004, 07:35 AM   #8
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Quote:
Originally posted by robberttheman
Ok, but if I use this, it won't affect a webserver or any other ports? I will try to google on that, thx

Robbert
Apache does not refer to hosts.allow or hosts.deny in any standard build. Only services that are started through inetd/xinetd or are compiled with libwrap support use these files.
 
Old 08-27-2004, 07:36 AM   #9
robberttheman
LQ Newbie
 
Registered: Jul 2004
Posts: 15

Original Poster
Rep: Reputation: 0
ok thx for the quick reply
 
  


All times are GMT -5.