Well, the older versions (SSH-1.2x) allowed for the practical "AllowHosts" directive in /etc/ssh/sshd_config, but the newer OpenSSH in 7.1 doesn't anymore. Suppose they compiled it with TCP Wrappers (libwrap), so you should be able to use /etc/hosts.(deny,allow).
Now if you suspect it isn't set up with wrappers, just compile your own --with-tcp-wrappers, IIRC.
You can also add allowed IPs to iptables/ipchains for that extra edge :-].
What I do is add a file with a single IP per line, then add a bi-directional rule in the script, like:
for host in $(/bin/cat /etc/hosts.ssh); do <rule, args> $host; done
Keeps the script clean, and all allowed IPs easily accessible.
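
The allowlist-file loop described in the post above, as an added example that is not part of the original post: it validates every line before it reaches a firewall command and prints the iptables rules for review instead of applying them. The function names, the sample addresses and the assumption that sshd listens on port 22 are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are illustrative.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255, no leading zeros.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# emit_ssh_rules: read one address per line on stdin and print a rule pair for
# each valid one, then a final DROP for SSH. Assumes sshd listens on port 22.
emit_ssh_rules() {
    while IFS= read -r line || [ -n "$line" ]; do
        host=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # drop comments, whitespace
        [ -n "$host" ] || continue
        if valid_ipv4 "$host"; then
            echo "iptables -A INPUT -p tcp -s $host --dport 22 -j ACCEPT"
            echo "iptables -A OUTPUT -p tcp -d $host --sport 22 -j ACCEPT"
        else
            printf 'skipping invalid entry: %s\n' "$host" >&2
        fi
    done
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Constructed sample list: two valid documentation addresses, a blank line,
# an out-of-range octet, and a line carrying shell metacharacters.
sample_list() {
    printf '%s\n' '192.0.2.10' '198.51.100.7  # admin host' '' \
        '10.0.0.999' '192.0.2.1;reboot'
}

# Use the file given as $1 if readable, otherwise the constructed sample.
if [ -r "${1:-}" ]; then emit_ssh_rules < "$1"; else sample_list | emit_ssh_rules; fi
```

Because the list feeds a script that runs as root, rejecting anything that is not a plain dotted quad keeps a stray or tampered line in the file from turning into part of a command.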