https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501226#M216697 Doh.<BR /><BR />That file I mentioned<BR /><BR />/opt/ssh/etc/sshd_config<BR /><BR />#Port 22<BR />Protocol 2<BR />#ListenAddress 0.0.0.0<BR />#ListenAddress ::<BR /><BR /><BR />I pretty much bet if you change the ListenAddress to the IP in question and then restart the sshd daemon, you will get the job done a lot faster than by installing and configuring IPFilter.<BR /><BR />Sorry.<BR /><BR />SEP Wed, 09 Mar 2005 14:39:09 GMT Steven E. Protter 2005-03-09T14:39:09Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501223#M216694 Hi,<BR /><BR />When system has multiple IP addresses configured ssh daemon listens on all ip's. How to configure ssh to listen on particular IP address? <BR /><BR />Thanks. Wed, 09 Mar 2005 14:08:18 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501223#M216694 Krish_4 2005-03-09T14:08:18Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501224#M216695 By default ssh will listen on all IP addresses.<BR /><BR />Openssh has a file called sshd_config<BR /><BR />This file may allow you to make those kind of configurations.<BR /><BR />I might approach it differently and use ipfilter or maybe even /var/adm/inetd.sec to block protocols aimed at certain ip addresses.<BR /><BR />I know Ipfilter could handle the job easily.<BR /><BR />SEP Wed, 09 Mar 2005 14:19:50 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501224#M216695 Steven E. Protter 2005-03-09T14:19:50Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501225#M216696 One way is to use IPFilter. If S_IP is the server IP<BR />you want to bind to and 22 is the port # where sshd<BR />is listening on, use the following IPFilter rules:<BR /><BR /># /sbin/ipf -f-<BR />pass in quick proto tcp from any to S_IP port = 22 <BR />pass out quick proto tcp from S_IP port = 22 to any<BR />block in proto tcp from any to any port = 22<BR />block out proto tcp from any port = 22 to any<BR /><BR />- Biswajit<BR /> Wed, 09 Mar 2005 14:31:39 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501225#M216696 Biswajit Tripathy 2005-03-09T14:31:39Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501226#M216697 Doh.<BR /><BR />That file I mentioned<BR /><BR />/opt/ssh/etc/sshd_config<BR /><BR />#Port 22<BR />Protocol 2<BR />#ListenAddress 0.0.0.0<BR />#ListenAddress ::<BR /><BR /><BR />I pretty much bet if you change the ListenAddress to the IP in question and then restart the sshd daemon, you will get the job done a lot faster than by installing and configuring IPFilter.<BR /><BR />Sorry.<BR /><BR />SEP Wed, 09 Mar 2005 14:39:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501226#M216697 Steven E. Protter 2005-03-09T14:39:09Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501227#M216698 You could simplify the rule I posted in my last post<BR />to the following:<BR /><BR /># /sbin/ipf -Fa -f-<BR />block in quick proto tcp from any to !S_IP port = 22<BR />block out quick proto tcp from !S_IP port = 22 to any<BR /><BR />(That's a '!' char immediately before the IP address).<BR /><BR />- Biswajit<BR /> Wed, 09 Mar 2005 14:41:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501227#M216698 Biswajit Tripathy 2005-03-09T14:41:10Z https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501228#M216699 Steven E Protter wrote:<BR />&gt; I pretty much bet if you change the ListenAddress <BR />&gt; to the IP in question and then restart the sshd <BR />&gt; daemon, you will get the job done a lot faster than <BR />&gt; by installing and configuring IPFilter.<BR /><BR />I agree with you on this as far as HP-UX 11.11 (or<BR />11i, v1) is concerned. On HP-UX 11i v2 (i.e 11.23)<BR />IPFilter is a default installed product, so it should <BR />already be there on your system.<BR /><BR />- Biswajit<BR /><BR /> Wed, 09 Mar 2005 14:45:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh/m-p/3501228#M216699 Biswajit Tripathy 2005-03-09T14:45:08Z