https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927989#M46151 In the /etc/ssh/sshd_config, configure the option:<BR /><BR />ListenAddress Thu, 22 Sep 2005 07:59:47 GMT Ivan Ferreira 2005-09-22T07:59:47Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927982#M46144 all,<BR />I have eth0 and eth0:1, I want to run apache on eth0:1 but do not want any one to be able to ssh to eth0:1. I know how to restrict ssh login vi ip address, but do not know how to do it just for eth0:1. Does any any know how? Thanks. Wed, 21 Sep 2005 19:50:59 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927982#M46144 K.C. Chan 2005-09-21T19:50:59Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927983#M46145 ssh has a ssh_config file set. You can restrict access and ssh server listening based on the IP address you have assigned.<BR /><BR />There is a Listen directive. Usually its set to 0.0.0.0 which means all IP addresses. It can however be repeated and set to individual IP addresses.<BR /><BR />SEP Wed, 21 Sep 2005 23:23:05 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927983#M46145 Steven E. Protter 2005-09-21T23:23:05Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927984#M46146 You can also use Iptables or a front-end (shorewall for example) to create 2 zones, and custom rules for each zone. Wed, 21 Sep 2005 23:55:10 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927984#M46146 Nils_9 2005-09-21T23:55:10Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927985#M46147 Chan, <BR /><BR />You can use /etc/ssh/ssh_config to restrict IP. Or you can use IP tables in Linux.<BR /><BR />-Arun Thu, 22 Sep 2005 00:24:39 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927985#M46147 Arunvijai_4 2005-09-22T00:24:39Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927986#M46148 <BR />use /etc/ssh/sshd_config file to restrict logins by ip address subnet. you can also use iptables to prevenet ssh port access (port 22) to eth0:1<BR /><BR />Also SSH supports tcp_wrappers you can enable/disable access to ssh based on IP address by adding necessary configuration to /etc/hosts.allow and /etc/hosts.deny file<BR /><BR />Regards,<BR />Gopi Thu, 22 Sep 2005 01:09:11 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927986#M46148 Gopi Sekar 2005-09-22T01:09:11Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927987#M46149 Hi,<BR /><BR />You can use the ipmasq package, then disable the masqing portion of it. Just see the rules.<BR /><BR />You can use DNS to run on a particular interface or ip. You can restrict the other services through ipchains - creating the rules in the /etc/ipmasq/rules directory. In Apache, we may specify the IP addresse to listen.<BR /><BR />Thanks.<BR /><BR /> Thu, 22 Sep 2005 01:41:23 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927987#M46149 VEL_1 2005-09-22T01:41:23Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927988#M46150 Hi K.C ,<BR /><BR />If you make /etc/nologin , totoal ssh will be restricted ,<BR /><BR />Though you can configure the file ssh_config ,<BR /><BR />hth,<BR />Raj. Thu, 22 Sep 2005 06:20:37 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927988#M46150 Raj D. 2005-09-22T06:20:37Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927989#M46151 In the /etc/ssh/sshd_config, configure the option:<BR /><BR />ListenAddress Thu, 22 Sep 2005 07:59:47 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927989#M46151 Ivan Ferreira 2005-09-22T07:59:47Z https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927990#M46152 thanks, all. I got my answ. Sun, 25 Sep 2005 08:40:08 GMT https://community.hpe.com/t5/operating-system-linux/restricting-ssh/m-p/4927990#M46152 K.C. Chan 2005-09-25T08:40:08Z