How do I restrict ssh access to certain ip addresses?

360 · 04-04-2002, 05:31 PM

Running RH7.1

I need to restrict ssh access to certain ip address for security.

I was able to do this with hosts.deny and host.allow files but xinetd is different.

What is the easiest way?

Please be very explicit.

Thanks

acid_kewpie · 04-04-2002, 06:03 PM

you can use the AllowUsers line to only allow connectiosn from user@host check the sshd man page for details on it

360 · 04-04-2002, 07:36 PM

Check man ssh.
Did not find an pattern matching AllowUser.

I need this to be ip addresses based.

Thanks

Mik · 04-05-2002, 01:55 AM

I've got xinetd running and I still use the hosts.allow and hosts.deny files. I think I compiled xinetd with tcp_wrappers support though. I'm not sure if your distribution also compiled it like that.
Well the way to do it in with xinetd is to add a line like this for the service you want to restrict:

only_from = 192.168.77.88

or if you want everything except a some specific hosts then you would add a line like:

no_access = 192.168.77.55 192.168.77.66

Try running 'man xinetd.conf' for some more information.

acid_kewpie · 04-05-2002, 05:27 AM

Quote:

Originally posted by 360
Check man ssh.
Did not find an pattern matching AllowUser.

I need this to be ip addresses based.

Thanks

i said sshd not ssh

Quote:

AllowUsers
This keyword can be followed by a list of user name patterns,
separated by spaces. If specified, login is allowed only for
users names that match one of the patterns. `*' and `'? can be
used as wildcards in the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is
allowed for all users. If the pattern takes the form USER@HOST
then USER and HOST are separately checked, restricting logins to
particular users from particular hosts.

jeremy · 04-05-2002, 08:04 AM

If you are using OpenSSH you can add --with-tcp-wrappers to your configure line. You can then use hosts.deny and hosts.allow.

--jeremy