limiting ssh access from particular host

Hi all, I'm looking to restricting ssh login allowed only from a particular
host/IP address through config (not thru firewall config), where do i
configure this? I'm using openssh-3.6.1.
Thanks in advance for advice.
Jemy

Hello

Jemy (<(E-Mail Removed)>) wrote:

> Hi all, I'm looking to restricting ssh login allowed only from a
> particular host/IP address through config (not thru firewall config),
> where do i configure this? I'm using openssh-3.6.1.

If your sshd is compiled with support for TCP wrappers, you can
configure it through /etc/hosts.allow and /etc/hosts.deny. E.g. you
could add something like

sshd: ALL EXCEPT your.allowed.ip.here

to /etc/hosts.deny.

best regards
Andreas Janssen

--
Andreas Janssen <(E-Mail Removed)>
PGP-Key-ID: 0xDC801674 ICQ #17079270
Registered Linux User #267976
http://www.andreas-janssen.de/debian-tipps.html

On Mon, 13 Sep 2004 15:45:55 +0800, Jemy wrote:

> Hi all, I'm looking to restricting ssh login allowed only from a particular
> host/IP address through config (not thru firewall config), where do i
> configure this? I'm using openssh-3.6.1.
> Thanks in advance for advice.
> Jemy

Maybe try hosts.allow, hosts.deny

On 2004-09-13, Jemy <(E-Mail Removed)> wrote:
>
> Hi all, I'm looking to restricting ssh login allowed only from a particular
> host/IP address through config (not thru firewall config), where do i
> configure this? I'm using openssh-3.6.1.
> Thanks in advance for advice.
> Jemy

If you're using public key authentication, you can set the valid source
host in the ~/.ssh/authorized_keys2 file with an initial

from="$fqdn" ssh-dsa ... normal key

If you're not using PKA, then you have to use tcp wrappers as the
other posters have suggested.

HTH;

Doug

--
--------
Senior UNIX Admin
O'Leary Computer Enterprises
(E-Mail Removed) (w) 630-904-6098 (c) 630-248-2749
resume: http://home.comcast.net/~dkoleary/resume.html

Doug O'Leary wrote:
> On 2004-09-13, Jemy <(E-Mail Removed)> wrote:
>
>>Hi all, I'm looking to restricting ssh login allowed only from a particular
>>host/IP address through config (not thru firewall config), where do i
>>configure this? I'm using openssh-3.6.1.
>>Thanks in advance for advice.
>>Jemy

Hi Jemy,

apart from the solutions already mentioned in this thread, you could
make use of the configeration options AllowGroups and AllowUsers inside
the file sshd_config.

Regards,

John

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.networking J. E. Peters <(E-Mail Removed)> suggested:
> Doug O'Leary wrote:

A really good suggestion!

>> On 2004-09-13, Jemy <(E-Mail Removed)> wrote:
>>
>>>Hi all, I'm looking to restricting ssh login allowed only from a particular
>>>host/IP address through config (not thru firewall config), where do i
[..]

> apart from the solutions already mentioned in this thread, you could
> make use of the configeration options AllowGroups and AllowUsers inside
> the file sshd_config.

Mh, I can't see how this should limit ssh access to a particular
host, which was in question.

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBReKBAkPEju3Se5QRAsnyAJsEjqlpiDEbCoF5w6FApH bSmBbALgCcDHzK
5/3oLFRKgbh9h6j5tWVp3eI=
=Ohbd
-----END PGP SIGNATURE-----