Solved

Allow access to SSH for certain IPs

Posted on 2012-04-04
Last Modified: 2012-04-22
Hi,

What is the best way to deny access to SSH for everybody except certain IPs? I'm looking for a way that's the easiest to configure, like editing a single file.

Can I use iptables and put all IPs in a file? Or hosts.allow? How do I deny access for everybody?
0
Comment
Question by:Dennie
6 Comments
 
LVL 11

Expert Comment

by:legolasthehansy
ID: 37806614
In /etc/hosts.deny:

sshd: ALL EXCEPT 192.168.0.2

The above denies all except 192.168.0.2. You don't need a restart as the settings are read once you save the file.
0
 

Author Comment

by:Dennie
ID: 37806791
What if I want to add 5 more IPs?
0
 
LVL 11

Accepted Solution

by:
legolasthehansy earned 167 total points
ID: 37806956
sshd: ALL EXCEPT 192.168.0.2, 192.168.0.3, 192.168.0.4 etc..

Or

sshd: ALL EXCEPT 192.168.0.1/255.255.255.0
to exclude the 192.168.0.1 network
0

 
LVL 5

Assisted Solution

by:1ly4me
1ly4me earned 167 total points
ID: 37807229
For TCP wrappers,
/etc/hosts.deny
sshd : all except 192.168.0.0/24

This will only allow network 192.168.0.0 to access SSH

For iptables:
#iptables -I INPUT -p tcp ! -s 192.168.0.0/24 --dport=22 -j REJECT
0
 
LVL 3

Expert Comment

by:rickygm
ID: 37828164
Hi, I do this by means of a firewall or iptables.

In Shorewall, like this:

ACCEPT          net:XXX.XXX.XXX.XXX   $FW                   tcp     ssh

Another example, with iptables:

iptables -A INPUT -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT

http://wiki.centos.org/HowTos/Network/IPTables

Regards
0
 
LVL 4

Assisted Solution

by:senseifedon
senseifedon earned 166 total points
ID: 37846025
Hi;
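# -I inserts at the top of the chain by default, so give explicit positions:
# ACCEPT as rule 1, DROP as rule 2, otherwise the DROP would match first.
iptables -I INPUT 1 -p tcp --dport 22 -s 123.123.123.123 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -j DROP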

123.123.123.123 should be your exception IP.

Good luck. Or you can use fail2ban. It allows you to ban an IP address after some (you can configure the value) unauthorized tries.
0
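
Added example, not part of any answer above: a sketch of the "put all IPs in a file" approach the question asks about, generating iptables commands from an allowlist so the ACCEPT rules always precede the final DROP. The chain name SSH_ALLOW, the one-source-per-line file format and the sample addresses are assumptions; it generalizes the single-IP rules in the answers to any number of IPv4 entries.

```shell
#!/bin/sh
# Added example, not from the thread. The chain name SSH_ALLOW and the
# one-source-per-line allowlist format are assumptions of this sketch.

# valid_src ADDR: succeed only for an IPv4 address or IPv4/prefix (0-32).
valid_src() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    IFS=. read -r o1 o2 o3 o4 <<EOF
${1%/*}
EOF
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules: read the allowlist on stdin and print iptables commands.
# Nothing is executed; review the output, then pipe it to sh as root.
gen_rules() {
    echo "iptables -N SSH_ALLOW 2>/dev/null || iptables -F SSH_ALLOW"
    while IFS= read -r line || [ -n "$line" ]; do
        src=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')   # strip comments, blanks
        [ -n "$src" ] || continue
        if valid_src "$src"; then
            echo "iptables -A SSH_ALLOW -s $src -j ACCEPT"
        else
            echo "skipping invalid entry: $src" >&2
        fi
    done
    # Rules match top to bottom: the catch-all DROP must come last.
    echo "iptables -A SSH_ALLOW -j DROP"
    echo "iptables -C INPUT -p tcp --dport 22 -j SSH_ALLOW 2>/dev/null ||" \
         "iptables -I INPUT 1 -p tcp --dport 22 -j SSH_ALLOW"
}

# Constructed sample allowlist (two valid entries, two invalid ones).
sample_allowlist() {
    cat <<'EOF'
# admin workstation
192.168.0.2
192.168.0.0/24   # office LAN
300.1.1.1
10.0.0.5/33
EOF
}

sample_allowlist | gen_rules
```

Before applying the generated rules over an SSH session, confirm that your own source address is in the allowlist file.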
