GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: To fobid access trought ssh
Operating System - HP-UX
1855290
Members
6868
Online
104109
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Knowledge Base
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Knowledge Base
Forums
Discussions
- Cloud Mentoring and Education
- Software - General
- HPE OneView
- HPE Ezmeral Software platform
- HPE OpsRamp
Knowledge Base
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2009 12:56 AM
09-24-2009 12:56 AM
To fobid access trought ssh
Hi,
We have a server called MACHINE Blade870 operating system hp-uxv2 (machine HP-UX B.11.23 U ia64 4032246291 unlimited-user license). I installed the latest version of SSH (T1471AA, A.05.20.014, HP-UX Secure Shell) and now I want to forbid access from any computer or server to this server in 2 ways:
At the level of host
At the user level
The idea that I would like to implement would be: if I am a simple user, I can only access if you have the public key MACHINE MACHINE. How can I do this? Is my reasoning correct? What other ideas do you offer me?
Thanks & Regards.
We have a server called MACHINE Blade870 operating system hp-uxv2 (machine HP-UX B.11.23 U ia64 4032246291 unlimited-user license). I installed the latest version of SSH (T1471AA, A.05.20.014, HP-UX Secure Shell) and now I want to forbid access from any computer or server to this server in 2 ways:
At the level of host
At the user level
The idea that I would like to implement would be: if I am a simple user, I can only access if you have the public key MACHINE MACHINE. How can I do this? Is my reasoning correct? What other ideas do you offer me?
Thanks & Regards.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-24-2009 05:14 AM
09-24-2009 05:14 AM
Re: To fobid access trought ssh
Hello ssh!
There are many ways to restrict access to a (ssh) server:
1. Use sshd_config with
AllowUsers (allows USER@HOST notation)
AllowGroups
These are useful for whitelist creation which is ALWAYS more secure than a blacklist using their counterparts:
DenyUsers
DenyGroups
2. Use tcpwrappers
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP
3. If you run sshd as an inetd based daemon you can filter hosts using inetd.sec (man inetd.sec)
4. For host based filtering you can use system wide firewall rules (man ipf)
5. Use pam (man sshd_config and man pam)
Kind regards,
Kobylka
There are many ways to restrict access to a (ssh) server:
1. Use sshd_config with
AllowUsers (allows USER@HOST notation)
AllowGroups
These are useful for whitelist creation which is ALWAYS more secure than a blacklist using their counterparts:
DenyUsers
DenyGroups
2. Use tcpwrappers
https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=TCPWRAP
3. If you run sshd as an inetd based daemon you can filter hosts using inetd.sec (man inetd.sec)
4. For host based filtering you can use system wide firewall rules (man ipf)
5. Use pam (man sshd_config and man pam)
Kind regards,
Kobylka
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-25-2009 11:54 AM
09-25-2009 11:54 AM
Re: To fobid access trought ssh
To deny hosts, I like the TCPwrappers mentioned above. The hosts.deny file will have in it ALL:ALL:DENY, then the hosts.allow files will select which hosts to let in.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2026 Hewlett Packard Enterprise Development LP