LinuxQuestions.org
Old 01-10-2007, 01:05 PM   #1
Splenden
Member
 
Registered: Jan 2007
Posts: 32

Rep: Reputation: 15
SSH on main IP only


I am hosting DNS servers, a Web server, and a POP3/SMTP server on my VPS. I can access SSH through all of these IPs. For security reasons, I want to only allow SSH on the main IP (which only I have - I don't use the main VPS IP for anything but SSH).

I can't seem to find a "bind IP" option in ssh_config or in the manpages for it. Does such an option exist?

Thanks!

Splenden
 
Old 01-10-2007, 01:17 PM   #2
ilikejam
Senior Member
 
Registered: Aug 2003
Location: Glasgow
Distribution: Fedora / Solaris
Posts: 3,109

Rep: Reputation: 97
Hi.

Have a look in 'man sshd_config' for the 'ListenAddress' option.

Dave
 
Old 01-10-2007, 01:27 PM   #3
Splenden
Member
 
Registered: Jan 2007
Posts: 32

Original Poster
Rep: Reputation: 15
Thank you. I missed that.

Splenden
 
Old 01-10-2007, 01:35 PM   #4
Splenden
Member
 
Registered: Jan 2007
Posts: 32

Original Poster
Rep: Reputation: 15
I added this to ssh_config (it was not in there at all, I checked):

ListenAddress my.ip.address.here:22

However, it did not work after I did a reload (/etc/init.d/sshd reload) and then, if I try to ssh out to another location from it, I get:

/etc/ssh/ssh_config: line 3: Bad configuration option: ListenAddress
/etc/ssh/ssh_config: terminating, 1 bad configuration options

It's not a CR/LF error, I edited it in nano on that machine.

Thanks!

Splenden
 
Old 01-10-2007, 02:15 PM   #5
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
ssh_config is for your client ssh software. sshd_config is for your daemon sshd software.

Are you trying to restrict to a network interface for the client or the daemon?
 
Old 01-10-2007, 08:12 PM   #6
Splenden
Member
 
Registered: Jan 2007
Posts: 32

Original Poster
Rep: Reputation: 15
Oh. I'll try sshd_config and report back.

I'm trying to restrict SSH to broadcast on one IP only, which is only known by me (that way, it can only be guessed).

Splenden
 
Old 02-16-2007, 02:56 PM   #7
bship
LQ Newbie
 
Registered: Mar 2005
Location: NC
Distribution: Red Hat and Novell OES (formerly SUSE), LPI 101 and Net+
Posts: 25

Rep: Reputation: 15
Thanks!

We got ours working!!!
Our problem was one letter: the d!
Dang!

Be sure that you edit the sshd_config and not ssh_config.
Duh!

B
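
The mix-up resolved above (ListenAddress belongs in sshd_config, not ssh_config), as an added example that is not part of any post in this thread: a small POSIX shell audit that reports whether a daemon config still binds every address and whether the keyword has landed in a client config. The file names and the address 192.0.2.10 are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the thread). 192.0.2.10 is a constructed
# documentation address standing in for the private "main" IP.

# Print every ListenAddress value in a config file. Keywords are
# case-insensitive and may use "Keyword=value"; comments are skipped.
listen_addresses() {
    awk -F'[ \t=]+' '{ sub(/^[ \t]+/, "") }
        tolower($1) == "listenaddress" { print $2 }' "$1"
}

# "wildcard" when sshd would accept connections on every local address
# (no ListenAddress at all, or 0.0.0.0 / ::), otherwise "restricted".
bind_scope() {
    addrs=$(listen_addresses "$1")
    if [ -z "$addrs" ]; then echo wildcard; return 0; fi
    for a in $addrs; do
        case "$a" in
            0.0.0.0|0.0.0.0:*|::|"[::]"|"[::]":*) echo wildcard; return 0 ;;
        esac
    done
    echo restricted
}

# Succeeds when the daemon-only keyword sits in a client ssh_config,
# the mistake behind "Bad configuration option: ListenAddress".
misplaced_in_client_config() {
    [ -n "$(listen_addresses "$1")" ]
}

# Constructed sample files so the script runs offline.
tmp=$(mktemp -d)
printf '%s\n' '#ListenAddress 0.0.0.0' 'Port 22' > "$tmp/sshd_default"
printf '%s\n' 'Port 22' 'ListenAddress 192.0.2.10:22' > "$tmp/sshd_fixed"
printf '%s\n' 'Host *' '  ListenAddress 192.0.2.10:22' > "$tmp/ssh_client_bad"

echo "default sshd_config: $(bind_scope "$tmp/sshd_default")"
echo "edited sshd_config:  $(bind_scope "$tmp/sshd_fixed")"
if misplaced_in_client_config "$tmp/ssh_client_bad"; then
    echo "ssh_config contains ListenAddress: move it to sshd_config"
fi
```

On a real host, `sshd -t` checks the edited sshd_config for errors before the daemon is reloaded, and `ss -tln` shows which address port 22 is bound to afterwards.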
 
Old 02-17-2007, 06:10 AM   #8
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
You might also want to use /etc/hosts.deny on the 3 servers you're hosting on your VPS. Plus to lock down SSH even further you might want to look at this:

Code:
AllowUsers
    This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. `*' and `?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
Lastly, wouldn't you want to allow some kind of access to your hosted servers? Maybe SSH access only from your main VPS IP? To troubleshoot in case something goes wrong?
I've never used a VPS though, so is it that you have complete control and can change internal configs of all your other servers by merely logging on to your main VPS IP?

Cheers
Arvind
 
  

