[TriLUG] limiting ssh

Jon Carnes jonc at nc.rr.com
Thu Jan 24 18:01:42 EST 2002


I haven't read the earlier posts, so forgive me if I'm ignorant as to why
you are not running firewalling on this box as your solution.
Run IPchains or IPtables and limit access of port 22 to the network
10.0.0.0.

Jon
----- Original Message -----
From: "Kevin Hunter" <khunter at rhoworld.com>
To: <trilug at trilug.org>
Sent: Thursday, January 24, 2002 5:30 PM
Subject: [TriLUG] limiting ssh


>
> I went w/ the following advice:
>
> 1) Copy /etc/security/access.conf to /etc/security/sshd_access.conf
>
> 2) Modify /etc/security/sshd_access.conf to taste.
> For the mail server at work, where a lot of people have accounts but
> I don't want the riffraff to get shell access:
>
> +:adminuser1:ALL
> +:adminuser2:ALL
> -:ALL:ALL
>
> 3) Add to /etc/pam.d/sshd:
> account  required  /lib/security/pam_access.so accessfile=/etc/security/sshd_access.conf
>
> However, what would be great is if I could define a user to just get
> in from our local 10.x.x.x network which is natd'd off a freebsd box
> that's also connected to the dmz my web server sits on.  I just can't
> get the syntax right.  I've tried a bunch of different variations.
> If someone has done this, please let me know.
>
> # sshd_access.conf
> +:wheel:ALL
> +:user:10.x.x.0.   ???
> -:ALL:ALL
>
>
>
> _______________________________________________
> TriLUG mailing list
> http://www.trilug.org/mailman/listinfo/trilug
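The following is an added illustration, not part of either message in the thread: a small Python model of how pam_access evaluates `permission:users:origins` lines, run against a constructed rule set of the kind Kevin is asking for (admins from anywhere, one user only from the 10.x.x.x network, everyone else denied). It assumes the origin syntax documented for access.conf (`ALL`, a literal host or address, a domain suffix beginning with `.`, or a network prefix ending with `.`), first matching line wins, and a constructed group table standing in for /etc/group; the `EXCEPT` keyword and netmask forms are deliberately not modelled.

```python
"""Minimal evaluator for pam_access-style rules (permission:users:origins).

Added example, not code from the thread. It mirrors the matching rules
documented for access.conf: the first matching line decides; an origin may be
ALL, a host/IP, a domain suffix starting with '.', or a network prefix ending
with '.' (e.g. '10.' for the 10.x.x.x network). EXCEPT and network/netmask
forms are not implemented here.
"""

# Constructed group membership standing in for /etc/group.
GROUPS = {"wheel": {"adminuser1", "adminuser2"}}

# Constructed rule set: admins from anywhere, 'user' only from 10.x.x.x,
# and an explicit final deny (pam_access permits when nothing matches, which
# is why real rule sets end with -:ALL:ALL).
SSHD_ACCESS_CONF = """\
# sshd_access.conf (constructed example)
+:wheel:ALL
+:user:10.
-:ALL:ALL
"""


def parse_rules(text):
    """Return a list of (permission, [user patterns], [origin patterns])."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        rules.append((perm, users.split(), origins.split()))
    return rules


def user_matches(pattern, user):
    """ALL, an exact user name, or a group name the user belongs to."""
    if pattern == "ALL" or pattern == user:
        return True
    return user in GROUPS.get(pattern, set())


def origin_matches(pattern, origin):
    """ALL, a domain suffix ('.example.com'), a network prefix ('10.'),
    or an exact host/address."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):   # domain suffix
        return origin.endswith(pattern)
    if pattern.endswith("."):     # network prefix; the dot keeps '10.' from matching '100.'
        return origin.startswith(pattern)
    return pattern == origin


def check_access(rules, user, origin):
    """True if access is permitted for (user, origin) under the rules."""
    for perm, users, origins in rules:
        if any(user_matches(u, user) for u in users) and \
           any(origin_matches(o, origin) for o in origins):
            return perm == "+"
    return True  # no matching line: pam_access grants access


if __name__ == "__main__":
    rules = parse_rules(SSHD_ACCESS_CONF)
    for who, where in [("adminuser1", "203.0.113.5"), ("user", "10.1.2.3"),
                       ("user", "203.0.113.5"), ("user", "100.1.2.3"),
                       ("bob", "10.1.2.3")]:
        print(f"{who}@{where}: {'permit' if check_access(rules, who, where) else 'deny'}")
```

Two caveats when applying this for real: the origin pam_access compares against is whatever sshd passes as PAM_RHOST, so whether a rule should name an address or a hostname depends on whether sshd is configured to resolve client names; and pam_access only decides at the account stage, after the daemon has already accepted the connection, so it complements rather than replaces the port-22 packet filter Jon suggests.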