
Re: SSH access limitation ( IP address )

 
SOLVED
Roro_2
Regular Advisor

SSH access limitation ( IP address )

Hi,

I am willing to limit the access of ssh on HPUX 11i server to some IP addresses.
I tried to set the "ListenAddress" option in the sshd_config file, but it did not work.
Please could someone help me.

Roger
12 REPLIES
Ivan Krastev
Honored Contributor
Solution

Re: SSH access limitation ( IP address )

ListenAddress is for ssh daemon if you have more than one IP on the server.

For restrictions use Allow/Deny Groups or use IPFilter to restrict by IP.

See documentation about sshd_config options - http://docs.hp.com/en/T1471-90015/ch01s14.html

and IPFilter admin guide - http://docs.hp.com/en/B9901-90014/index.html


regards,
ivan
Steven E. Protter
Exalted Contributor

Re: SSH access limitation ( IP address )

Shalom Roger,

tcpwrapper from http://software.hp.com can be used to limit ssh access by ip address or hostname.

It is somewhat easier to use than IPFilter which is also a very good solution.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Roro_2
Regular Advisor

Re: SSH access limitation ( IP address )

Hi Ivan,

Where can I find Allow/Deny groups?


Roger
Jeeshan
Honored Contributor

Re: SSH access limitation ( IP address )

You can use /var/adm/inetd.sec to allow or deny for specific services with IP address.
a warrior never quits
Ivan Krastev
Honored Contributor

Re: SSH access limitation ( IP address )

Roro:

In file /etc/opt/ssh/sshd_config

After any change restart ssh daemon.


regards,
ivan
Roro_2
Regular Advisor

Re: SSH access limitation ( IP address )

Hi Ivan,

I did not find "Allow/Deny Groups" option in sshd_config.

Roger
Ivan Krastev
Honored Contributor

Re: SSH access limitation ( IP address )

In the link above there are configuration items and explanation - http://docs.hp.com/en/T1471-90015/ch01s14.html

For example use:
AllowGroups sshusers

where sshusers is a system group.

regards,
ivan
vinodan
Advisor

Re: SSH access limitation ( IP address )

Dear Roro,

If you want to limit certain IPs then you can use the /etc/hosts.allow and /etc/hosts.deny files. Put a + in /etc/hosts.deny, which will
deny all IP addresses. Then mention the IPs which you want to allow in hosts.allow.

Vinod
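
The hosts.allow / hosts.deny approach suggested in this thread, as an added example that is not part of any post here: a small Python evaluator for a subset of hosts_access(5) rules, showing the lookup order and why hosts.deny needs a catch-all entry. The rule files and addresses are constructed, and it assumes an sshd built with TCP wrappers support.

```python
import ipaddress

# Constructed sample rule files (hosts_access(5) syntax: "daemon_list : client_list").
HOSTS_ALLOW = """\
# management hosts allowed to reach sshd
sshd : 192.0.2.10, 198.51.100.
sshd : 10.20.0.0/255.255.0.0
"""
HOSTS_DENY = "ALL : ALL\n"

def parse(text):
    """Return [(daemons, clients)] from rule text, skipping comments and blanks."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # optional shell-command field ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Subset of client patterns (IPv4 only): ALL, exact IP, 'a.b.c.' prefix, net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def file_matches(rules, daemon, ip):
    return any((daemon in d or "ALL" in d) and any(client_matches(p, ip) for p in c)
               for d, c in rules)

def access(daemon, ip, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match in either grants access."""
    if file_matches(parse(allow_text), daemon, ip):
        return "allow"
    if file_matches(parse(deny_text), daemon, ip):
        return "deny"
    return "allow"  # default-allow: this is why hosts.deny needs a catch-all rule

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.77", "10.20.3.4", "203.0.113.5"):
        print(ip, access("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
    print("empty hosts.deny:", access("sshd", "203.0.113.5", HOSTS_ALLOW, ""))
```
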
boomer_2
Super Advisor

Re: SSH access limitation ( IP address )

Hi Steven,
I couldn't find the TCP wrapper on HP's site...for 11i v2....

Only for Tru64 it's mentioned...