Thursday, 24 May 2012
How To Allow and Deny SSH Access To Selected Hosts and IP Addresses
Written by Amanatullah khalil   
Saturday, 23 May 2009


With a default OpenSSH installation, SSH accepts connections from any client. Access can be restricted so that only certain known hosts and IP addresses may connect, which reduces unauthorized SSH login attempts.

SSH Access Restrictions via TCP Wrapper

Step One

1. Back up and modify /etc/hosts.allow

# nano -w /etc/hosts.allow

Allow and Deny SSH Access to Specific Hosts / IP Addresses

To allow SSH access from IP address 83.83.83.83, modify /etc/hosts.allow to contain the line below

sshd: 83.83.83.83

Access is granted when both parts of the rule match: TCP wrappers allow the connection if the requested service is sshd and the requesting connection comes from IP address 83.83.83.83.

To allow SSH access to all hosts and subdomains under the parent domain yahoo.com

sshd:  .yahoo.com

To grant SSH access to multiple IP addresses, list the addresses on one line as shown

sshd: 83.83.83.83 127.0.0.1 83.83.83.84 192.168.1.1

To allow SSH access by address prefix (every address starting with 192.168.)

sshd: 192.168.

To allow SSH access by network address and netmask

sshd: 192.168.1.0/255.255.255.0

To use the asterisk (*) wildcard in /etc/hosts.allow

sshd: *.yahoo.com

To specify a large set of IP addresses and known hosts from a file

sshd:  /etc/allowed.txt

To specify multiple hosts and IP addresses with an exemption, using the TCP wrapper EXCEPT operator

sshd: .yahoo.com EXCEPT search.yahoo.com

To allow access to everyone under the .yahoo.com domain except 83.83.83.83

sshd: *.yahoo.com EXCEPT 83.83.83.83

To specify multiple SSH access restrictions on multiple lines

sshd: 111.111.111.111

sshd: 222.222.222.222

If the above access list rules appear in /etc/hosts.allow, TCP wrappers allow the request. If the same lines appear in /etc/hosts.deny, TCP wrappers deny the request.

Step Two

To deny all other SSH access except from the hosts listed in /etc/hosts.allow, back up and modify the /etc/hosts.deny file

sshd: ALL

Save and exit.

All is done.
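
The rule forms and evaluation order described above, as an added example that is not part of the original article: a simplified Python model of the TCP wrappers decision (not libwrap's own code; DNS lookups, the file pattern and shell-command options are left out). The names access, ALLOW and the sample addresses are constructed for illustration. It also shows that a rule is read as daemon_list : client_list, so a deny rule with the two fields swapped matches no real client.

```python
import fnmatch
import ipaddress

def pattern_matches(pat, ip, host):
    """Match one client pattern against the client's IP and optional hostname."""
    if pat == "ALL":
        return True
    if pat.startswith("/"):       # file of patterns: not modelled in this sketch
        return False
    if pat.startswith("."):       # .yahoo.com -> any host under that domain
        return bool(host) and host.lower().endswith(pat.lower())
    if pat.endswith("."):         # 192.168. -> address prefix
        return ip.startswith(pat)
    if "/" in pat:                # 192.168.1.0/255.255.255.0 -> net/mask
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat)
    if "*" in pat or "?" in pat:  # shell-style wildcard on name or address
        return any(fnmatch.fnmatchcase(v.lower(), pat.lower()) for v in (ip, host) if v)
    return pat == ip or (bool(host) and pat.lower() == host.lower())

def list_matches(tokens, ip, host):
    """client_list, where 'a EXCEPT b' means: matches a and does not match b."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return list_matches(tokens[:i], ip, host) and not list_matches(tokens[i + 1:], ip, host)
    return any(pattern_matches(t, ip, host) for t in tokens)

def rule_matches(line, daemon, ip, host):
    """One 'daemon_list : client_list' line; the daemon list comes first."""
    line = line.strip()
    if not line or line.startswith("#") or ":" not in line:
        return False
    daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
    return (daemon in daemons or "ALL" in daemons) and list_matches(clients, ip, host)

def access(allow, deny, daemon, ip, host=None):
    """Evaluation order: hosts.allow, then hosts.deny, otherwise grant."""
    if any(rule_matches(l, daemon, ip, host) for l in allow.splitlines()):
        return "granted by hosts.allow"
    if any(rule_matches(l, daemon, ip, host) for l in deny.splitlines()):
        return "denied by hosts.deny"
    return "granted by default"

# Constructed sample rules built from the forms shown in the article.
ALLOW = "sshd: 83.83.83.83 192.168.1.0/255.255.255.0\nsshd: .yahoo.com EXCEPT search.yahoo.com\n"

if __name__ == "__main__":
    for ip, host in [("83.83.83.83", None), ("192.168.1.50", None),
                     ("203.0.113.9", "search.yahoo.com"), ("203.0.113.9", None)]:
        print(ip, host, "sshd: ALL ->", access(ALLOW, "sshd: ALL", "sshd", ip, host),
              "| ALL: sshd ->", access(ALLOW, "ALL: sshd", "sshd", ip, host))
```

These files only take effect when sshd is linked against libwrap, which upstream OpenSSH dropped in release 6.7; `ldd "$(command -v sshd)" | grep libwrap` shows whether a given build still honours them.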

Thanks to http://techgurulive.com/2008/09/15/how-to-allow-and-deny-ssh-access-to-selected-hosts-and-ip-addresses/

 