LinuxQuestions.org
Old 03-05-2018, 08:59 AM   #1
platypo
Member
 
Registered: Sep 2015
Posts: 68

Rep: Reputation: Disabled
Restrict OpenSSH to device


I am trying to restrict sshd to one device by leaving the following line in /etc/ssh/sshd_config uncommented:

Code:
ListenAddress 10.0.0.1
Is that all that has to be done to make the ssh-daemon listen on only one interface?

In my case I can still connect on all devices after a fresh reboot with the above configuration, but weirdly, if I restart sshd.service manually it seems to work properly.

Last edited by platypo; 03-05-2018 at 09:00 AM.
 
Old 03-05-2018, 09:08 AM   #2
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,435

Rep: Reputation: 490
Yes. That is how to restrict sshd to a single IP address (not device, although an IP address can only be on one device at a time).

Our production server uses 5 IP addresses (long story). One is used only for sshd. Attempts to ssh to any other IP on that server just hang...
 
Old 03-05-2018, 02:31 PM   #3
platypo
Member
 
Registered: Sep 2015
Posts: 68

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by scasey View Post
Yes. That is how to restrict sshd to a single IP address (not device, although an IP address can only be on one device at a time).

Our production server uses 5 IP addresses (long story). One is used only for sshd. Attempts to ssh to any other IP on that server just hang...
Thank you.
So how can I avoid ssh login on the other device/address? I have no idea where to start (distribution is Arch Linux).
 
Old 03-05-2018, 05:03 PM   #4
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,435

Rep: Reputation: 490
If you have configured sshd with
Code:
ListenAddress 10.0.0.1
and restarted the sshd service, other addresses won't be listening on port 22 (or whatever port you've configured sshd to listen on).

Use
Code:
 netstat -tnlp
to see what's listening where:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd  <-- listening on all addresses
...
tcp        0      0 192.168.0.55:22         0.0.0.0:*               LISTEN      1174/sshd  <-- listening on 192.168.0.55 only
Not sure why that wouldn't survive a reboot. You are changing in /etc/ssh/sshd_config, correct? The sshd.service is enabled?
 
1 members found this post helpful.
Old 03-06-2018, 04:49 AM   #5
platypo
Member
 
Registered: Sep 2015
Posts: 68

Original Poster
Rep: Reputation: Disabled
I seem to have found the problem: for some reason sshd.socket is run at boot, which listens on all devices, while sshd.service is disabled.
I still wonder, doesn't the socket use sshd_config?
 
Old 03-06-2018, 10:23 AM   #6
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,435

Rep: Reputation: 490
Don't know what sshd.socket is... Why do you have the sshd.service disabled? If it's enabled, it will use the sshd_config at boot time.
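
Added example, not part of any post in this thread: a shell check that reads `netstat -tnlp` output and reports, for each listener on the SSH port, the bound address, the owning program, and whether the bind is wildcard. The function name and both sample outputs are constructed; it relies on the systemd behaviour that a socket unit's listener is owned by PID 1 and bound from the unit's `ListenStream=`, not from `sshd_config`.

```shell
#!/bin/sh
# Added example: classify listeners on the SSH port from `netstat -tnlp` output.
# If PID 1 (systemd) owns the socket, it was bound from sshd.socket's
# ListenStream=, so ListenAddress in sshd_config has no effect on it.

# Constructed sample: after boot with sshd.socket active.
SAMPLE_SOCKET='Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:111     0.0.0.0:*         LISTEN   1/systemd
tcp6       0      0 :::22           :::*              LISTEN   1/systemd'

# Constructed sample: sshd.service running with ListenAddress 10.0.0.1.
SAMPLE_SERVICE='Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp        0      0 10.0.0.1:22     0.0.0.0:*         LISTEN   1174/sshd: /usr/bin'

# audit_ssh_listeners PORT < netstat-output
# Prints "<address> <owner> <wildcard|specific>" per matching listener.
audit_ssh_listeners() {
    awk -v port="$1" '
        $6 != "LISTEN" { next }              # skips headers and non-listeners
        {
            n = split($4, parts, ":")        # port is the last ":" field (IPv6 safe)
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            split($7, prog, "/")             # "PID/name"; "-" when not run as root
            owner = prog[2]
            sub(/:$/, "", owner)             # newer netstat prints "sshd: /usr/bin"
            if (owner == "") owner = "unknown"
            wild = (addr == "0.0.0.0" || addr == "::" || addr == "*" || addr == "[::]")
            print addr, owner, (wild ? "wildcard" : "specific")
        }'
}

# Stand-alone run over the constructed samples; on a live host use:
#   netstat -tnlp | audit_ssh_listeners 22
printf '%s\n' "$SAMPLE_SOCKET"  | audit_ssh_listeners 22
printf '%s\n' "$SAMPLE_SERVICE" | audit_ssh_listeners 22
```

A `wildcard` line owned by `systemd` is the state described in post #5: either disable `sshd.socket` and enable `sshd.service` so that `ListenAddress` applies, or override `ListenStream=` in a drop-in for the socket unit.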
 