
Enable SSH on this IP Address


Vm

May 24, 2010, 1:10:28 PM
Hi all,

I need to restrict SSH connections to a particular IP address. What
I mean to say is that only an allowed IP address can SSH to my Linux box. I'm
running CentOS 5.4. I have looked into /etc/hosts, but it doesn't really
help me.

Thanks
Vijay.

Regis

May 24, 2010, 6:47:40 PM
Vm <vijaymaj...@gmail.com> writes:


man sshd_config

ListenAddress may be what you want.


Vm

May 25, 2010, 2:38:04 AM

> man sshd_config  
>
> ListenAddress may be what you want.

Thanks for the reply, but I have already tried this; sorry, I forgot to
mention it.

This is what I changed in the /etc/ssh/sshd_config file: I added the IP addresses of
the machines that are allowed to connect to my box, but this doesn't work for me...

[sshd_config]
....
#port 22
#AddressFamily Any
ListenAddress 192.168.1.10:192.168.1.12

....

[/sshd_config]

Later I restarted the service, but I am still able to log in from the machine
which has IP 192.168.1.15.


Thanks
Vijay

MrD

May 25, 2010, 4:25:54 AM

ListenAddress specifies which local address sshd listens on, not which
remote address is permitted to connect. There's no config setting that
controls what the OP wants, as far as I can see. You can use TCP
Wrappers to do this, though.

--
MrD.

Vm

May 25, 2010, 4:52:09 AM
On May 25, 1:25 pm, MrD <mrdemean...@jackpot.invalid> wrote:
> Regis wrote:

Thanks for the help.

Vijay

Regis

May 25, 2010, 8:59:13 AM
Vm <vijaymaj...@gmail.com> writes:

MrD did a better job of divining your question than I did. :-)

Indeed, tcpwrappers /etc/hosts.allow /etc/hosts.deny and the like with
sshd directives would be the way to control if client IP address
filtering for sshd is what you're looking for.

man hosts_access

in /etc/hosts.deny you may want to deny everything not explicitly allowed:
ALL: ALL

in /etc/hosts.allow you may want (where ip1/ip2 are the IP addresses you wish):
sshd: ip1
sshd: ip2
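
Added example (not part of any post in this thread): a simplified Python model of the decision order documented in hosts_access(5), run over constructed hosts.allow and hosts.deny contents that use the addresses from the thread. It assumes sshd is built with TCP Wrappers (libwrap) support and covers only a subset of the client pattern syntax; the function names are illustrative.

```python
# Added example: simplified model of the hosts_access(5) decision order.
import ipaddress

# Constructed file contents using the addresses mentioned in this thread.
HOSTS_ALLOW = "sshd: 192.168.1.10\nsshd: 192.168.1.12\n"
HOSTS_DENY = "ALL: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs.
    Simplification: no IPv6, no escaped colons, options after a second ':' ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) >= 2:
            rules.append((fields[0].replace(",", " ").split(),
                          fields[1].replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Subset of client patterns: ALL, exact IP, '192.168.1.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def matches(rules, daemon, ip):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(c, ip) for c in clients)
               for daemons, clients in rules)

def decide(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants access."""
    if matches(parse_rules(allow), daemon, ip):
        return "allow"
    if matches(parse_rules(deny), daemon, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for ip in ("192.168.1.10", "192.168.1.12", "192.168.1.15"):
        print(ip, decide("sshd", ip))
    # Without the catch-all in hosts.deny, the unlisted host is still let in.
    print("192.168.1.15 with empty hosts.deny:", decide("sshd", "192.168.1.15", deny=""))
```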

Bit Twister

May 25, 2010, 9:26:25 AM
On Tue, 25 May 2010 07:59:13 -0500, Regis wrote:
>
> in /etc/hosts.deny you may want to deny everything not explicitly allowed:
> ALL: ALL


Or to help identify problems, or illegal attempts, you could script an
email to root. Copy of mine follows:

$ cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#


ALL: ALL:\
spawn ( \
/bin/echo -e "\n\
TCP Wrappers\: Connection Refused\n\
By\: $(uname -n)\n\
Process\: %d (pid %p)\n\
\n\
User\: %u\n\
Host\: %c\n\
Date\: $(date)\n\
" | /bin/mail -s \"$(uname -n)\" root ) & : DENY

#*********************** end host.deny ********************************

Vm

May 26, 2010, 3:11:15 AM
Thanks Bit Twister, that was a really good idea.

Thanks
Vijay
