Operating System - HP-UX

Re: Restricting SSH/SFTP Connection by IP Addresses or Host Names

 
Elkar
New Member

Restricting SSH/SFTP Connection by IP Addresses or Host Names

Hi,

 

I know that allowing or denying users using the sshd_config file can be done quite easily.

However, I have a situation where the restriction needs to be based on IP addresses.

 

For example, myUser1 and myUser2 are user accounts on ServerXYZ.

myUser1 is allowed to be accessed from 192.168.1.5 only.

myUser2, on the other hand, is allowed access from 192.168.1.6 and 192.168.1.7 only.

 

Which parameter should I play with, if any?

Or would I need an additional tool such as TCP Wrappers to this end?

 

Any input would be greatly appreciated.

 

Thanks,

-e-

2 REPLIES
Modris Bremze
Esteemed Contributor

Re: Restricting SSH/SFTP Connection by IP Addresses or Host Names

SSH should have something like DenyUsers/AllowUsers parameters, e.g.:

AllowUsers user@192.168.0.5

 

Matti_Kurkela
Honored Contributor

Re: Restricting SSH/SFTP Connection by IP Addresses or Host Names

Looking at "man sshd_config", the AllowUsers and DenyUsers directives in USER@HOST form should work. For more details, the man page refers to the PATTERNS paragraph of "man ssh_config". It says IP addresses are acceptable too.

 

Perhaps something like this would do the trick:

DenyUsers myUser1@*,myUser2@*
AllowUsers myUser1@192.168.1.5,myUser2@192.168.1.[6-7]

Or maybe even:

DenyUsers myUser1@!192.168.1.5,myUser2@!192.168.1.[6-7]

 

Disclaimer: not tested at all, just written based on the man pages.

Please make sure you have two shells already logged in when making this change and restarting/HUPping sshd, so you won't be locked out of your system if it does not work.

MK
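
An added example, not part of any post in this thread and not sshd's own code: a simplified Python model of the AllowUsers/DenyUsers semantics documented in sshd_config(5) (space-separated patterns, USER@HOST, `*` and `?` wildcards, DenyUsers checked before AllowUsers), applied to the scenario in the question. The function names and the sample configuration are constructed for illustration; negated patterns and the group directives are not modeled, and the real answer on a given host is whatever its installed sshd version does.

```python
import ipaddress
import re

# Constructed sshd_config line for the scenario in the question (an assumption).
SAMPLE_CONFIG = """\
AllowUsers myUser1@192.168.1.5 myUser2@192.168.1.6 myUser2@192.168.1.7
"""

def _glob(pattern, value):
    """Match with only the '*' and '?' wildcards from PATTERNS (no [..] ranges)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def _host_matches(pattern, addr):
    """HOST part: CIDR (address/masklen) if it parses, otherwise a wildcard match."""
    try:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return _glob(pattern, addr)

def _user_matches(pattern, user, addr):
    """USER or USER@HOST; USER and HOST are checked separately."""
    user_pat, sep, host_pat = pattern.partition("@")
    return _glob(user_pat, user) and (not sep or _host_matches(host_pat, addr))

def parse(config_text):
    """Collect the space-separated patterns of each AllowUsers/DenyUsers line."""
    rules = {"allowusers": [], "denyusers": []}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() in rules:
            rules[words[0].lower()].extend(words[1:])
    return rules

def login_permitted(config_text, user, addr):
    """DenyUsers is evaluated first; a non-empty AllowUsers then acts as an allowlist."""
    rules = parse(config_text)
    if any(_user_matches(p, user, addr) for p in rules["denyusers"]):
        return False
    allow = rules["allowusers"]
    return not allow or any(_user_matches(p, user, addr) for p in allow)

if __name__ == "__main__":
    for user, addr in [("myUser1", "192.168.1.5"), ("myUser1", "192.168.1.6"),
                       ("myUser2", "192.168.1.7"), ("root", "192.168.1.5")]:
        print(user, addr, login_permitted(SAMPLE_CONFIG, user, addr))
```

Once AllowUsers is present, any account not listed in it (root in the sample run) is refused from every address, so every account that must keep SSH access has to appear on the line before sshd is reloaded.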