Thread: restrict ssh/scp access to specific ip addresses

  1. #1
    Join Date
    Dec 2006
    Location
    in the boonies
    Beans
    Hidden!

    restrict ssh/scp access to specific ip addresses

    I have a Ubuntu 8.04 desktop running at a remote location.
    It is directly connected to an ADSL modem.

    I have sudo access to this system.
    I am able to access via ssh/scp too.

    Now I want to limit ONLY the ssh/scp access to a few ip addresses.

    In other words, keep everything else as-is ...
    http, ftp, ... accessible by anyone
    BUT
    ssh/scp ... accessible by 3 specific ip addresses only

    How can I do this?

  2. #2
    Join Date
    May 2008
    Beans
    77

    Re: restrict ssh/scp access to specific ip addresses

    Quote Originally Posted by boondocks
    I have a Ubuntu 8.04 desktop running at a remote location.
    It is directly connected to an ADSL modem.

    I have sudo access to this system.
    I am able to access via ssh/scp too.

    Now I want to limit ONLY the ssh/scp access to a few ip addresses.

    In other words, keep everything else as-is ...
    http, ftp, ... accessible by anyone
    BUT
    ssh/scp ... accessible by 3 specific ip addresses only

    How can I do this?
    Probably easier to set up a firewall rule, something like
    Code:
    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 --source [accepted ip address here] -j ACCEPT
    Last edited by nunki; May 20th, 2008 at 05:46 PM.
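
The rule above only restricts access when a rule dropping all other port 22 traffic follows it. As an added example (not part of the original post), this script prints such a rule set for review instead of applying it; the function names are hypothetical and the addresses are constructed documentation addresses.

```shell
#!/bin/sh
# Constructed sample addresses (documentation ranges), not from the thread.
ALLOWED_IPS="192.0.2.10 198.51.100.7 203.0.113.25"

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules in the order they must be appended. Every address is
# validated before anything is printed, so a typo can never produce a
# partial list that still ends in DROP.
ssh_allowlist_rules() {
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    # Keep sessions that are already open alive while the rules change.
    echo "iptables -A INPUT -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per allowed source for new connections.
    for ip in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 22 -m state --state NEW --source $ip -j ACCEPT"
    done
    # Everyone else is dropped on port 22 only; http, ftp etc. are untouched.
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}

# Dry run: print the commands so they can be read before being run with sudo.
ssh_allowlist_rules $ALLOWED_IPS
```

Because -A appends, any rule already in the INPUT chain that accepts port 22 still matches first; check with `iptables -L INPUT -n --line-numbers` before applying.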

  3. #3
    Join Date
    Dec 2006
    Location
    in the boonies
    Beans
    Hidden!

    Re: restrict ssh/scp access to specific ip addresses

    Rather than make changes to iptables, is there some other ssh-specific way to do this?

  4. #4
    Join Date
    Apr 2008
    Location
    UK
    Beans
    1,098

    Re: restrict ssh/scp access to specific ip addresses

    Quote Originally Posted by boondocks
    Now I want to limit ONLY the ssh/scp access to a few ip addresses.

    In other words, keep everything else as-is ...
    http, ftp, ... accessible by anyone
    BUT
    ssh/scp ... accessible by 3 specific ip addresses only

    How can I do this?
    The AllowUsers option for sshd_config is the easiest route if you know who the users are. Alternatively, there is the equally easy tcp_wrappers way (/etc/hosts.allow and /etc/hosts.deny).
    Brian.

  5. #5
    Join Date
    Nov 2006
    Location
    40.31996,-80.607213
    Beans
    Hidden!
    Distro
    Ubuntu

    Re: restrict ssh/scp access to specific ip addresses

    Why not add in your /etc/hosts.allow:
    Code:
    sshd: IPADDRESS, IPADDRESS
    "Security lies within the user of who runs the system. Think smart, live safe." - Dr Small
    Linux User #441960 | Wiki: DrSmall

  6. #6
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    6,130
    Distro
    Xubuntu

    Re: restrict ssh/scp access to specific ip addresses

    Something like this in /etc/ssh/sshd_config perhaps?

    Code:
    AllowUsers andy@192.168.1.*,1.2.3.4,5.6.7.8 billy@192.168.1.* charlie@192.168.1.*
