HPE Community
Operating System - HP-UX
1833756 Members
3019 Online
110063 Solutions
New Discussion

SSH

 
Krish_4
Contributor

‎03-09-2005 06:08 AM

‎03-09-2005 06:08 AM

SSH

Hi,

When system has multiple IP addresses configured ssh daemon listens on all ip's. How to configure ssh to listen on particular IP address?

Thanks.
0 Kudos
Reply
5 REPLIES 5
Steven E. Protter
Exalted Contributor

‎03-09-2005 06:19 AM

‎03-09-2005 06:19 AM

Re: SSH

By default ssh will listen on all IP addresses.

Openssh has a file called sshd_config

This file may allow you to make those kind of configurations.

I might approach it differently and use ipfilter or maybe even /var/adm/inetd.sec to block protocols aimed at certain ip addresses.

I know Ipfilter could handle the job easily.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Biswajit Tripathy
Honored Contributor

‎03-09-2005 06:31 AM

‎03-09-2005 06:31 AM

Re: SSH

One way is to use IPFilter. If S_IP is the server IP
you want to bind to and 22 is the port # where sshd
is listening on, use the following IPFilter rules:

# /sbin/ipf -f-
pass in quick proto tcp from any to S_IP port = 22
pass out quick proto tcp from S_IP port = 22 to any
block in proto tcp from any to any port = 22
block out proto tcp from any port = 22 to any

- Biswajit
:-)
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-09-2005 06:39 AM

‎03-09-2005 06:39 AM

Re: SSH

Doh.

That file I mentioned

/opt/ssh/etc/sshd_config

#Port 22
Protocol 2
#ListenAddress 0.0.0.0
#ListenAddress ::


I pretty much bet if you change the ListenAddress to the IP in question and then restart the sshd daemon, you will get the job done a lot faster than by installing and configuring IPFilter.

Sorry.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Biswajit Tripathy
Honored Contributor

‎03-09-2005 06:41 AM

‎03-09-2005 06:41 AM

Re: SSH

You could simplify the rule I posted in my last post
to the following:

# /sbin/ipf -Fa -f-
block in quick proto tcp from any to !S_IP port = 22
block out quick proto tcp from !S_IP port = 22 to any

(That's a '!' char immediately before the IP address).

- Biswajit
:-)
0 Kudos
Reply
Biswajit Tripathy
Honored Contributor

‎03-09-2005 06:45 AM

‎03-09-2005 06:45 AM

Re: SSH

Steven E Protter wrote:
> I pretty much bet if you change the ListenAddress
> to the IP in question and then restart the sshd
> daemon, you will get the job done a lot faster than
> by installing and configuring IPFilter.

I agree with you on this as far as HP-UX 11.11 (or
11i, v1) is concerned. On HP-UX 11i v2 (i.e 11.23)
IPFilter is a default installed product, so it should
already be there on your system.

- Biswajit

:-)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.