Restrict SSH Access by IP Address on RedHat 9

Opening SSH to the outside world on your home LAN is a convenience if you are away from home, but a security liability. Here is how to restrict SSH access to certain IP addresses on and off your home LAN.

  1. Edit the /etc/hosts.allow file to include these lines, assuming your home LAN is on the 192.168.4.x non-routable IP block and your work address is on the routable 1.1.1.x IP block. Remember to add the period on the end of each incomplete IP number. If you have another complete IP address or range, add a space and that range on the end.

    # allow ssh login from home LAN and work LAN
    sshd,sshdfwd-X11: 192.168.4. 1.1.1.

  2. Edit your /etc/hosts.deny file to include this line:

    sshd,sshdfwd-X11:ALL

  3. These lines refuse SSH connections from anyone not in the IP address blocks listed. Log out and then try logging back in to test your configuration. Good luck!
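
To see which clients the two files admit before relying on them, here is a simplified model of the lookup order (hosts.allow first, then hosts.deny, otherwise allow). It is an added example, not part of the original article or of tcp_wrappers; the function names and client addresses are constructed, and only ALL, exact addresses and trailing-period prefixes are handled.

```python
# Simplified model of the tcp_wrappers decision described in hosts_access(5).
# Handles only daemon lists, ALL, exact addresses and trailing-period
# prefixes. No EXCEPT, netmasks, hostnames or shell commands.

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        # Prefix form: "192.168.4." matches addresses that begin with it.
        return ip.startswith(pattern)
    return pattern == ip

def rule_matches(line, daemon, ip):
    line = line.split("#", 1)[0].strip()      # drop comments
    if ":" not in line:
        return False
    daemons, clients = line.split(":")[:2]
    daemon_list = daemons.replace(",", " ").split()
    if daemon not in daemon_list and "ALL" not in daemon_list:
        return False
    return any(client_matches(p, ip) for p in clients.replace(",", " ").split())

def decide(daemon, ip, hosts_allow, hosts_deny):
    # A match in hosts.allow grants access; otherwise a match in
    # hosts.deny refuses it; with no match in either, access is granted.
    if any(rule_matches(l, daemon, ip) for l in hosts_allow.splitlines()):
        return "allow"
    if any(rule_matches(l, daemon, ip) for l in hosts_deny.splitlines()):
        return "deny"
    return "allow"

# Rules in the form the steps describe: each incomplete address ends in a period.
HOSTS_ALLOW = """# allow ssh login from home LAN and work LAN
sshd,sshdfwd-X11: 192.168.4. 1.1.1.
"""
HOSTS_DENY = "sshd,sshdfwd-X11:ALL\n"

# Constructed client addresses for the check.
SAMPLES = ["192.168.4.20", "1.1.1.7", "192.168.40.20", "203.0.113.9"]

def report():
    return {ip: decide("sshd", ip, HOSTS_ALLOW, HOSTS_DENY) for ip in SAMPLES}

if __name__ == "__main__":
    for ip, verdict in report().items():
        print(f"{ip:15} {verdict}")
    # A pattern containing a literal "x" is just a string and matches no address.
    print("1.1.1.x. pattern:", decide("sshd", "1.1.1.7", "sshd: 1.1.1.x.", HOSTS_DENY))
```

The trailing period is what keeps 192.168.40.20 out of the 192.168.4. block. On the host itself, the tcpdmatch utility from the tcp_wrappers package (for example `tcpdmatch sshd 1.1.1.7`) evaluates the real files.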
