Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Hello,
I am running Fedora Core 3 and I'm having issues restricting ssh login attempts. It is my understanding that by editing the hosts.allow file & hosts.deny I could limit what IP addresses can access ssh. Here is what I have so far:
hosts.allow
sshd : 192.168.1.0/20 xxx.xxx.x.xx
hosts.deny
ALL : ALL
So my understanding of this is that it will only allow people that use ssh from my internal LAN and the one IP that is listed. Everyone else is shut off. I restart sshd and it blocks every ssh connection, even the ones on the LAN. Once I comment the lines out ssh works fine. Can anyone tell me what I am doing wrong and also provide a better method to limiting ssh?
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
I could be wrong, but I think you have the wrong subnet value here. 20 is for a class A/B value, I believe. Your choices for class C start with 24 for a full subnet, up to 255 per IP.
If you are trying for a whole class C of 192.168.1.0, then try this:
sshd : 192.168.1.0/24
or
sshd : 192.168.1. 63.21.45.2
The second part here defines one single IP as well.
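To reason about what those patterns actually admit, here is an added example (mine, not code from the thread) that models hosts_access(5) matching for the IPv4 pattern forms used above and runs the posted rule set against a few constructed client addresses. It assumes 203.0.113.45, an RFC 5737 documentation address, as a stand-in for the masked remote IP. A toggle covers both behaviours a practitioner may meet: classic tcp_wrappers 7.6, where the mask must be a dotted quad such as 255.255.255.0 and a bare prefix length like /20 is logged as a "bad net/mask expression" and matches nothing (so the deny file then blocks everyone, LAN included), and distribution builds that accept CIDR notation, under which 192.168.1.0/20 spans 192.168.0.0 to 192.168.15.255 and therefore admits far more than the one class C.

```python
"""Toy model of tcp_wrappers hosts_access(5) rule matching for IPv4 clients.

Added example, not code from the original thread.  It models only the client
patterns the thread uses (a single address, ALL, a trailing-dot prefix such as
"192.168.1.", and net/mask pairs) plus the allow-then-deny evaluation order.
It is a reasoning aid, not the real tcpd library: hostnames, EXCEPT, wildcards
such as KNOWN/LOCAL/PARANOID and the shell-command field are not modelled.
"""
import ipaddress
from typing import List, Tuple

Rule = Tuple[List[str], List[str]]   # (daemon_list, client_list)


def parse_rules(text: str) -> List[Rule]:
    """Parse hosts.allow / hosts.deny text into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            # tcpd logs 'missing ":" separator' and skips such a line, so a
            # bare "ALL" in hosts.deny denies nothing.
            continue
        daemons, rest = line.split(":", 1)
        clients = rest.split(":", 1)[0]          # drop optional shell command
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def pattern_matches(pattern: str, client: str, cidr_supported: bool) -> bool:
    """Does one client pattern match the client's IPv4 address?"""
    addr = ipaddress.IPv4Address(client)
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # prefix form, e.g. "192.168.1."
        return client.startswith(pattern)
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        if "." in mask:                          # classic n.n.n.n/m.m.m.m form
            return addr in ipaddress.IPv4Network((net, mask), strict=False)
        if not cidr_supported:
            # Unpatched tcp_wrappers 7.6 rejects "n.n.n.n/len" with a
            # 'bad net/mask expression' warning and treats it as no match.
            return False
        return addr in ipaddress.IPv4Network((net, int(mask)), strict=False)
    return addr == ipaddress.IPv4Address(pattern)


def evaluate(allow: List[Rule], deny: List[Rule], daemon: str, client: str,
             cidr_supported: bool = True) -> str:
    """hosts_access order: first matching allow rule wins, then deny, else allow."""
    def hit(rules: List[Rule]) -> bool:
        return any(("ALL" in daemons or daemon in daemons)
                   and any(pattern_matches(p, client, cidr_supported) for p in clients)
                   for daemons, clients in rules)
    if hit(allow):
        return "allow"
    if hit(deny):
        return "deny"
    return "allow"          # no rule matched: tcpd grants access


# Constructed sample files.  203.0.113.45 (an RFC 5737 documentation address)
# stands in for the single remote IP the poster masked as xxx.xxx.x.xx.
ALLOW_AS_POSTED = "sshd : 192.168.1.0/20 203.0.113.45\n"
ALLOW_DOTTED_MASK = "sshd : 192.168.1.0/255.255.255.0 203.0.113.45\n"
DENY_ALL = "ALL : ALL\n"


def decisions(allow_text: str, cidr_supported: bool = True) -> dict:
    """Decision for a handful of representative clients, keyed by address."""
    allow, deny = parse_rules(allow_text), parse_rules(DENY_ALL)
    clients = ["192.168.1.50",    # LAN host inside 192.168.1.0/24
               "192.168.12.7",    # inside 192.168.0.0/20 but outside /24
               "203.0.113.45",    # the single permitted remote address
               "198.51.100.9"]    # unrelated remote host
    return {c: evaluate(allow, deny, "sshd", c, cidr_supported) for c in clients}


if __name__ == "__main__":
    for label, text, cidr in [("as posted, CIDR accepted", ALLOW_AS_POSTED, True),
                              ("as posted, CIDR rejected", ALLOW_AS_POSTED, False),
                              ("dotted-quad /24 mask", ALLOW_DOTTED_MASK, True)]:
        print(label)
        for client, verdict in decisions(text, cidr).items():
            print(f"  {client:15} -> {verdict}")
```

The dotted-quad mask form is the one every tcp_wrappers build accepts, so it is the safe way to write the LAN rule; the real tool for checking a live rule set is tcpdmatch(8), which ships with tcp_wrappers.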
I have done what you suggested and it still does not prevent me from ssh'ing to the machine from a "not allowed" host. Here is what I have again in allow & deny
Ok, so this config worked while I was on my LAN, but the remote IP that I have specified in /etc/hosts.allow cannot connect via ssh. Can anyone tell me what I've done wrong?
I should have read the question better. But glad you have it working now.
Is there a router between the remote IP and the sshd machine?
If so, you will need to open a port and port forward to sshd.
Are there any firewall rules up between the two, or even on the sshd machine itself?
If so, you need to modify them to allow it. It may require either this one or the above.
I figured out why I could not connect remotely.... somehow my machine "stalled out," thus not working. I went home, rebooted and got it up and running and it is now accepting the connection from the IP that I want it to and denying other connections! Thanks!
Q:
Is there a way to run this hosts.allow & deny simultaneously with something that will also accept a specific username no matter where I am trying to connect from? Meaning ssh will always allow username "tbrady" to be granted access no matter what IP he is connecting from?
I don't think that can be done. I would edit the config in hosts.allow to allow all IPs to sshd. Edit /etc/ssh/ssh_config and add the following:
DenyUsers all
AllowUsers tebucky
Yes, this will allow someone to try to log in, but if they fail as an unknown user and password, then they cannot get in. If iptables is set up, it can log the attempts, but it can accumulate a lot of attempts even in one week. You can make the sshd port 22 act as a stealth port so it will not show up as an open port if someone scans your IP. Haven't done it with iptables, but it should be easy from what I hear. PAM might help with more security as well.
Also make sure root is not able to log in to sshd. One can add a script to block IP blocks as they come if someone tries to sshd your machine, but after 3 logins fail it adds a rule to iptables to block access to a whole class C range. Have done it, but it's been a while. I currently do not remember how, but found the info on the internet. Google around the net or search here.
Read up on the man pages for ssh and PAM and other files they mention. Lots of examples in them.
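As an added example (mine, not the replier's script), here is the failure-counting logic that kind of blocker needs, run over a few constructed /var/log/secure lines in the syslog format Fedora writes: it counts sshd "Failed password" events per source address, clears an address's count once it logs in successfully (so a legitimate user's typos do not lock them out), never proposes a block for the trusted 192.168.1.0/24 LAN, and prints the iptables rule text for review rather than executing it. The remote addresses in the sample are RFC 5737 documentation ranges. One placement note from sshd_config(5): AllowUsers and DenyUsers are server directives and belong in /etc/ssh/sshd_config, while /etc/ssh/ssh_config configures the client.

```python
"""Count failed sshd logins per source address and propose iptables DROP rules.

Added example, not code from the thread.  It parses constructed lines in the
syslog format Fedora writes to /var/log/secure, counts "Failed password"
events per source address, resets the count when that address later logs in
successfully, never proposes a rule for addresses on a trusted list, and
prints rule text instead of running iptables so an administrator can review
before applying.
"""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \w+ for \S+ "
                      r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample lines; 198.51.100.23 and 203.0.113.45 are RFC 5737
# documentation addresses, 192.168.1.77 is a host on the thread's LAN.
SAMPLE_LOG = """\
Nov  3 21:14:02 fc3 sshd[2104]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Nov  3 21:14:05 fc3 sshd[2104]: Failed password for root from 198.51.100.23 port 51240 ssh2
Nov  3 21:14:09 fc3 sshd[2110]: Failed password for tbrady from 203.0.113.45 port 40022 ssh2
Nov  3 21:14:12 fc3 sshd[2110]: Accepted password for tbrady from 203.0.113.45 port 40022 ssh2
Nov  3 21:14:20 fc3 sshd[2115]: Failed password for invalid user oracle from 198.51.100.23 port 51250 ssh2
Nov  3 21:14:31 fc3 sshd[2118]: Failed password for invalid user test from 198.51.100.23 port 51260 ssh2
Nov  3 21:15:02 fc3 sshd[2121]: Failed password for jdoe from 192.168.1.77 port 33002 ssh2
Nov  3 21:15:06 fc3 sshd[2121]: Failed password for jdoe from 192.168.1.77 port 33002 ssh2
Nov  3 21:15:10 fc3 sshd[2121]: Failed password for jdoe from 192.168.1.77 port 33002 ssh2
"""

TRUSTED = [ipaddress.ip_network("192.168.1.0/24")]   # never auto-block the LAN


def failure_counts(lines: Iterable[str]) -> Dict[str, int]:
    """Failures per source address; a later successful login clears that source."""
    counts: Counter = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m.group(1)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            counts.pop(m.group(1), None)
    return dict(counts)


def is_trusted(ip: str) -> bool:
    """True when the address falls inside a network we never auto-block."""
    return any(ipaddress.ip_address(ip) in net for net in TRUSTED)


def proposed_rules(counts: Dict[str, int], threshold: int = 3) -> List[str]:
    """iptables rule text for sources at or above the threshold, trusted nets excluded."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP"
            for ip, n in sorted(counts.items())
            if n >= threshold and not is_trusted(ip)]


if __name__ == "__main__":
    counts = failure_counts(SAMPLE_LOG.splitlines())
    for ip, n in sorted(counts.items()):
        print(f"{ip:15} {n} failure(s){'  (trusted)' if is_trusted(ip) else ''}")
    for rule in proposed_rules(counts):
        print(rule)
```

Run it as-is to see the proposed rule for the brute-forcing documentation address only; in production the lines would come from the live log, and blocking the single /32 rather than a whole class C keeps collateral damage to unrelated hosts in that range to a minimum.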