SSH how to configure differently for different cards (ie root access)
I am using ssh to connect to a "firewall" machine and was wondering if it was possible to allow ssh root access on the internal NIC only and not on the external NIC. (how?)
Absolutely. You need to start multiple SSH daemons with different config files. By default your system will start one SSH daemon from its startup scripts, and that will use /etc/ssh/sshd_config as its config file.
What I would do is copy your existing RC script for sshd, call it sshd_int or something like that. You'll need to create links to it from all the init levels you want it to run at in /etc/rc.d/*. Then edit the sshd_int script and make sure when /usr/sbin/sshd is started, you use -f <yourconfigfile>. Such as /usr/sbin/sshd -f /etc/ssh/sshd_config_int
Now of course you need to copy /etc/ssh/sshd_config to /etc/ssh/sshd_config_int as well, so you can edit that file. Here is what you need to change:
ListenAddress (needs to be your internal IP)
PermitRootLogin (although I would strongly suggest that you DO NOT DO THIS, use a normal user and use sudo to run commands as root--don't log in as root!)
You should also change ListenAddress in your original sshd_config to be just your external address. If your external address is obtained by DHCP, then there are a few other things you have to do to make sure the two daemons don't conflict with each other.
$ man sshd
$ man sshd_config
for more information. I got all of the above from the man pages.
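The two-daemon setup described in the answer above, as an added example that is not part of the original thread: it derives an external and an internal config from one base file and checks that the two daemons cannot collide. The addresses (192.0.2.10, 10.0.0.1), the PID file paths, the sshd_config_ext name and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example; addresses, PID paths and the sample config are constructed.

# derive_config BASE ADDR ROOT_POLICY PIDFILE: print the per-daemon settings
# first, then BASE minus its own global copies of those keywords (keywords are
# case-insensitive; anything from the first Match block on is left alone).
derive_config() {
    printf 'ListenAddress %s\nPermitRootLogin %s\nPidFile %s\n' "$2" "$3" "$4"
    awk 'tolower($1) == "match" { m = 1 }
        !m && tolower($1) ~ /^(listenaddress|permitrootlogin|pidfile)$/ { next }
        { print }' "$1"
}

# get_opt FILE KEYWORD: print each global value of KEYWORD, one per line.
get_opt() {
    awk -v k="$2" 'tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { print $2 }' "$1"
}

# check_split EXT INT: succeed only if root login is off on the external
# daemon and the two daemons share no listen address or PID file.
check_split() {
    [ "$(get_opt "$1" PermitRootLogin)" = "no" ] || { echo "external: root login not disabled"; return 1; }
    [ -n "$(get_opt "$1" ListenAddress)" ] || { echo "external: no ListenAddress, binds all"; return 1; }
    [ "$(get_opt "$1" PidFile)" != "$(get_opt "$2" PidFile)" ] || { echo "shared PidFile"; return 1; }
    for a in $(get_opt "$1" ListenAddress); do
        case "$a" in 0.0.0.0|::) echo "external: wildcard $a"; return 1 ;; esac
        if get_opt "$2" ListenAddress | grep -Fxq -- "$a"; then
            echo "both daemons listen on $a"; return 1
        fi
    done
    return 0
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
cat > "$work/sshd_config" <<'EOF'
# constructed sample base config
Port 22
#ListenAddress 0.0.0.0
PermitRootLogin yes
Subsystem sftp /usr/libexec/sftp-server
EOF
derive_config "$work/sshd_config" 192.0.2.10 no  /var/run/sshd.pid     > "$work/sshd_config_ext"
derive_config "$work/sshd_config" 10.0.0.1   yes /var/run/sshd_int.pid > "$work/sshd_config_int"
check_split "$work/sshd_config_ext" "$work/sshd_config_int" && echo "split OK"
```

Each generated file can then be syntax-checked with `sshd -t -f <file>` before the second init script is pointed at it.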