I'm using Slackware 8.0 for my mail server. For the last few months I've been facing a huge number of illegal SSH login attempts on my server. I can't stop the SSH service because I need it, but I want to allow SSH logins only from some specific IPs; from all other IPs SSH should be denied. How do I do it? Can anyone please help me out?
You could move your SSH port to something other than 22, for starters. In your sshd config file (on my systems it's /etc/ssh/sshd_config) you will want these entries:
Code:
# or something besides 22
Port 8945
Protocol 2
To allow logins only from specific IPs, you can add this to sshd_config:
Code:
AllowUsers *@1.2.3.4
That will only allow SSH logins from any user from IP address 1.2.3.4.
You can lock it down even tighter by disallowing direct root logins, and specifying a user in the line above. For example, create a user "ridwan77", add them to the group wheel, and include this in your sshd_config file:
Code:
AllowUsers ridwan77@1.2.3.4
PermitRootLogin no
In this case, only ridwan77 will be allowed to log in, and then only from IP address 1.2.3.4. You can include netblocks in AllowUsers with
Code:
AllowUsers ridwan77@1.2.3.*
You will have to restart sshd to make any changes effective. Restarting sshd will not kill your current session.
Thanks for your quick reply.
You said "For example, create a user "ridwan77", add them to the group wheel, and include this in your sshd_config file" .... I'm confused about adding to the group wheel. How do I do that? Please describe.
I have added the following lines in my /etc/ssh/sshd_config file:
AllowUsers ridwan77@192.168.222.*
PermitRootLogin no
and then I killed the sshd daemon and started it again. But I can't log in, and the log is showing the following messages:
May 27 18:07:01 mail sshd[612]: input_userauth_request: illegal user ridwan77
May 27 18:07:01 mail sshd[612]: Failed none for illegal user ridwan77 from 192.168.222.10 port 2232 ssh2
May 27 18:07:01 mail sshd[612]: Failed keyboard-interactive for illegal user ridwan77 from 192.168.222.10 port 2232 ssh2
May 27 18:07:09 mail sshd[612]: Failed password for illegal user ridwan77 from 192.168.222.10 port 2232 ssh2
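A check that can be run before restarting sshd, added here as an example and not part of any poster's reply: it lists accounts named in AllowUsers that have no passwd entry and tests which client addresses a USER@HOST pattern admits. The function names and sample files are constructed for illustration, and a shell glob stands in for sshd's own pattern matcher on the assumption that only `*` and `?` wildcards are used.

```shell
#!/bin/sh
# Added example: sanity-check AllowUsers entries before restarting sshd.
# Function names and sample data are constructed for illustration.

# Print every AllowUsers pattern in an sshd_config file, one per line.
allowusers_entries() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Print literal user names from AllowUsers that have no entry in the passwd file.
missing_accounts() {
    allowusers_entries "$1" | while IFS= read -r entry; do
        user=${entry%%@*}
        case $user in *[*?]*) continue ;; esac   # wildcard user: nothing to look up
        awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$2" ||
            echo "$user"
    done
}

# Succeed if USER connecting from ADDR matches the USER@HOST pattern ENTRY.
# Assumption: only * and ? wildcards appear, so shell globbing is a stand-in
# for sshd's matcher. An entry without @HOST admits any address.
entry_admits() {
    entry=$1 user=$2 addr=$3
    case $entry in
        *@*) upat=${entry%%@*} hpat=${entry#*@} ;;
        *)   upat=$entry hpat='*' ;;
    esac
    case $user in $upat) ;; *) return 1 ;; esac
    case $addr in $hpat) return 0 ;; *) return 1 ;; esac
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '# sample config' 'Port 8945' 'AllowUsers ridwan77@192.168.222.*' \
    'PermitRootLogin no' > "$tmp/sshd_config"
printf '%s\n' 'root:x:0:0::/root:/bin/bash' > "$tmp/passwd"

echo "in AllowUsers but not in passwd: $(missing_accounts "$tmp/sshd_config" "$tmp/passwd")"
for addr in 192.168.222.10 192.168.223.10; do
    if entry_admits 'ridwan77@192.168.222.*' ridwan77 "$addr"; then
        echo "$addr admitted"
    else
        echo "$addr refused"
    fi
done
```

On a real host, point `missing_accounts` at `/etc/ssh/sshd_config` and `/etc/passwd`.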
and then enter a good, secure password for the user (at least 10 characters, combination of upper- and lower-case letters, numerals, and special characters).
Don't forget to add the user to wheel. Edit /etc/group, and the line that says something like (probably)
Since you don't always know the IPs of the machines you'll be using to log in to your server, I think using iptables to limit connection attempts is a better solution; it's not very difficult. Here is a link explaining how: