[PLUG] [Q] sshd restrict IP

Matt Alexander lug at phxlinux.org
Mon Aug 2 13:19:02 UTC 2004


On Mon, 2 Aug 2004, Marv wrote:

> On Mon, 2004-08-02 at 13:02, Matt Alexander wrote:
> > On Mon, 2 Aug 2004, Roderick A. Anderson wrote:
> >
> > > I have got some little twits knocking on the door of one of my servers
> > > trying to make ssh connections.  It is irritating as all hell seeing the
> > > attempts in my system/security logs so I figured after I report them to
> > > the company where the IPs look to be from I'd like to just not even give
> > > them an answer when they knock.  I know I can do this using iptables and
> > > friends but I'd prefer in these few instances to do it (hopefully) using
> > > sshd configurations.
> > >
> > > Ideas?
> >
> > First off, run SSH on a non-standard port, like maybe 20022 or
> > something.  Just change the line that starts with "Port" in your
> > sshd_config file.  That will stop most of the automated scripts.
> >
> > Next, you can restrict SSH access to certain user names and IP
> > addresses with this line:
> >
> > AllowUsers roderick
> >
> > or...
> >
> > AllowUsers roderick at 1.2.3.4
> >
> >
>
> This is in /etc/hostsallow ???

No, it's in sshd_config.  Possibly in /etc/ssh/sshd_config or wherever
SSH was installed.






More information about the PLUG mailing list