Securing ssh: Difference between revisions
From Newroco Tech Docs
(Created page with "If you have a public host with SSH enabled that you want to secure beyond [SSHKeyAuth], you can use tcpwrapper functionality in the files /etc/hosts.allow /etc/hosts.deny In...") |
No edit summary |
||
Line 9: | Line 9: | ||
and then | and then | ||
vi /etc/hosts.deny | vi /etc/hosts.deny | ||
append | |||
sshd: ALL | sshd: ALL | ||
then | |||
service ssh restart | service ssh restart | ||
Before disconnecting from your current ssh session, test that you can access from the at least one of the IP addresses you think you've allowed, just in case... | Before disconnecting from your current ssh session, test that you can access from the at least one of the IP addresses you think you've allowed, just in case... |
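Review bot: the closing test step ("test that you can access from the at least one of the IP addresses you think you've allowed") gives no way back if that test fails once "sshd: ALL" is in /etc/hosts.deny. Suggest saying explicitly that the current session stays open while a second connection is tried, and that the "sshd: ALL" line is removed from that open session if the new login is refused. The stray "the" in "from the at least one" should also go.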
Latest revision as of 06:55, 13 July 2017
If you have a public host with SSH enabled that you want to secure beyond [SSHKeyAuth], you can use tcpwrapper functionality in the files
/etc/hosts.allow /etc/hosts.deny
In the simplest form, to allow access from one IP address and deny access from all others:
vi /etc/hosts.allow
append
sshd: <the ip address or FQDN>
(more than one such line can exist)
and then
vi /etc/hosts.deny
append
sshd: ALL
then
service ssh restart
Before disconnecting from your current ssh session, test that you can connect from at least one of the IP addresses you think you've allowed, just in case...
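The rule files can also be checked before that login test. The script below is an added example, not part of the original wiki page: it applies the hosts.allow-then-hosts.deny order to a client address. The function names (rule_matches, tcpw_decision, preflight) are hypothetical, only a subset of the rule syntax is understood, and the sample files use constructed documentation addresses.

```shell
# Added example: simplified check of the sshd rules in hosts.allow / hosts.deny.
# Understands only ALL, an exact address, and a trailing-dot prefix ("198.51.100.").
# Netmasks, EXCEPT, IPv6 and DNS lookups are not handled; names compare literally.
# rule_matches FILE DAEMON CLIENT: exit status 0 if a line in FILE matches
rule_matches() (
    file=$1 daemon=$2 client=$3
    [ -r "$file" ] || exit 1
    set -f; seps=$(printf ' ,\t')           # no globbing; list separators
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '#'*) continue ;; *:*) ;; *) continue ;; esac
        daemons=${line%%:*}
        clients=${line#*:}; clients=${clients%%:*}   # ignore any option field
        IFS=$seps
        for d in $daemons; do
            [ "$d" = "$daemon" ] || [ "$d" = ALL ] || continue
            for c in $clients; do
                case $c in
                    ALL) exit 0 ;;
                    *.)  case $client in "$c"*) exit 0 ;; esac ;;
                    *)   if [ "$c" = "$client" ]; then exit 0; fi ;;
                esac
            done
        done
    done < "$file"
    exit 1
)

# tcpw_decision DAEMON CLIENT ALLOW_FILE DENY_FILE: prints "allow" or "deny"
tcpw_decision() {
    if rule_matches "$3" "$1" "$2"; then echo allow     # hosts.allow is consulted first
    elif rule_matches "$4" "$1" "$2"; then echo deny    # then hosts.deny
    else echo allow                                     # no match in either file
    fi
}

# preflight [ALLOW_FILE DENY_FILE]: decision for the current session's client address
preflight() {
    client=${SSH_CONNECTION%% *}            # first field is the client address
    [ -n "$client" ] || { echo "not in an SSH session" >&2; return 2; }
    tcpw_decision sshd "$client" "${1:-/etc/hosts.allow}" "${2:-/etc/hosts.deny}"
}

# Constructed sample files (documentation addresses), not real hosts
sample=$(mktemp -d)
printf 'sshd: 192.0.2.10\nsshd: 198.51.100.\n' > "$sample/hosts.allow"
printf 'sshd: ALL\n' > "$sample/hosts.deny"
for ip in 192.0.2.10 198.51.100.7 203.0.113.5; do
    echo "$ip -> $(tcpw_decision sshd "$ip" "$sample/hosts.allow" "$sample/hosts.deny")"
done
```

Run preflight from inside the existing SSH session to see the decision for the address that session came from. Where the tcpd utilities are installed, tcpdmatch sshd <address> evaluates the full rule syntax.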