Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I am hosting DNS servers, a Web server, and a POP3/SMTP server on my VPS. I can access SSH through all of these IPs. For security reasons, I want to only allow SSH on the main IP (which only I have - I don't use the main VPS IP for anything but SSH).
I can't seem to find a "bind IP" option in ssh_config or in the manpages for it. Does such an option exist?
You might also want to use /etc/hosts.deny on the 3 servers you're hosting on your VPS. Plus to lock down SSH even further you might want to look at this:
Code:
AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
Lastly, wouldn't you want to allow some kind of access to your hosted servers? Maybe SSH access only from your main VPS IP? To troubleshoot in case something goes wrong?
I've never used a VPS though, so is it that you have complete control and can change internal configs of all your other servers by merely logging on to your main VPS IP?
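An added example, not part of the thread: the daemon's own file, sshd_config, has a ListenAddress keyword that binds sshd to specific addresses, and it combines with the AllowUsers USER@HOST form quoted above. The sketch below audits a config for both; the sample addresses, the user name and the function names are constructed for illustration, and Match blocks and Include files are deliberately not evaluated.

```python
import ipaddress

# Constructed samples. 192.0.2.10 stands in for the main VPS IP and
# 203.0.113.5 for the admin's workstation (documentation addresses).
WEAK = "Port 22\nPermitRootLogin yes\n"
HARDENED = ("Port 22\n"
            "ListenAddress 192.0.2.10\n"
            "AllowUsers admin@203.0.113.5\n")

def directives(text):
    """Yield (keyword, [args]) for global directives; keywords are case-insensitive."""
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":   # conditional blocks are out of scope
            break
        yield parts[0].lower(), parts[1:]

def listen_host(arg):
    """Strip an optional port from host, host:port or [host]:port."""
    if arg.startswith("["):
        return arg[1:arg.index("]")]
    return arg.split(":")[0] if arg.count(":") == 1 else arg

def audit(text, main_ip):
    """Return findings for a config that should expose SSH on main_ip only."""
    findings, listen, allow = [], [], []
    for key, args in directives(text):
        if key == "listenaddress" and args:
            listen.append(listen_host(args[0]))
        elif key == "allowusers":
            allow.extend(args)
    if not listen:
        findings.append("no ListenAddress: sshd listens on every local address")
    for host in listen:
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"ListenAddress {host} is a hostname; cannot compare to main IP")
            continue
        if ip.is_unspecified or ip != ipaddress.ip_address(main_ip):
            findings.append(f"ListenAddress {host} is not the main IP")
    if not allow:
        findings.append("no AllowUsers: logins are not limited by user name pattern")
    findings += [f"AllowUsers {p} has no @HOST restriction" for p in allow if "@" not in p]
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg, "192.0.2.10"))
```

On a live host, `sshd -T` prints the effective configuration, which is a more complete input for this kind of check than the raw file.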