Recipe 3.13 Restricting Access to an SSH Server by Host

Previous page
Table of content
Next page

3.13.1 Problem

You want to limit access to sshd from specific remote hosts.

3.13.2 Solution

Use sshd's built-in TCP-wrappers support. Simply add rules to the files /etc/hosts.allow and /etc/hosts.deny, specifying sshd as the service. For example, to permit only 192.168.0.37 to access your SSH server, insert these lines into /etc/hosts.allow:

sshd: 192.168.0.37 sshd: ALL: DENY

3.13.3 Discussion

There is no need to invoke tcpd or any other program, as sshd processes the rules directly.

TCP-wrappers support in sshd is optional, selected at compile time. Red Hat 8.0 includes it but SuSE does not. If you're not sure, or your sshd seems to ignore settings in /etc/hosts.allow and /etc/hosts.deny, check if it was compiled with this support:

$ strings /usr/sbin/sshd | egrep 'hosts\.(allow|deny)' /etc/hosts.allow /etc/hosts.deny

If the egrep output is empty, TCP-wrappers support is not present. Download OpenSSH from http://www.openssh.com (or use your vendor's source RPM) and rebuild it:

$ ./configure --with-libwrap ...other desired options... $ make # make install

3.13.4 See Also

sshd(8), hosts_access(5).

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Database Modeling with MicrosoftВ® Visio for Enterprise Architects (The Morgan Kaufmann Series in Data Management Systems)
ERP and Data Warehousing in Organizations: Issues and Challenges
Beginning Cryptography with Java
OpenSSH: A Survival Guide for Secure Shell Handling (Version 1.0)
Java for RPG Programmers, 2nd Edition
Postfix: The Definitive Guide
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy