Securing ssh

From Newroco Tech Docs
Revision as of 06:55, 13 July 2017 by Chris.puttick

If you have a public host with SSH enabled that you want to secure beyond [SSHKeyAuth], you can use TCP Wrappers functionality, which is configured in the files

/etc/hosts.allow
/etc/hosts.deny

In its simplest form, to allow access from one IP address and deny access from all others:

vi /etc/hosts.allow

append

sshd: <the ip address or FQDN>

(more than one entry line can exist)
and then

vi /etc/hosts.deny

append

sshd: ALL

and restart the service

service ssh restart

Before disconnecting from your current ssh session, test that you can connect from at least one of the IP addresses you think you've allowed, just in case...
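
As a pre-check before that live test, the following added example (not part of the original page) evaluates the two files in the order TCP Wrappers uses: a match in hosts.allow grants access, otherwise a match in hosts.deny denies it, otherwise access is granted. The function names are hypothetical, and the script is a simplification that handles only IPv4 literals, ALL and prefix patterns ending in "."; hostnames/FQDNs, netmasks, EXCEPT and option fields are not evaluated.

```shell
#!/bin/sh
# Simplified TCP Wrappers evaluator (added example, IPv4 only).
# Understands "daemon_list : client_list" rules whose clients are literal
# IPs, ALL, or prefixes ending in "." (e.g. "192.0.2."). Everything else
# (hostnames, netmasks, EXCEPT, options) is ignored.

# rule_matches FILE DAEMON IP -> status 0 if a rule in FILE matches
rule_matches() {
    file=$1 daemon=$2 ip=$3
    [ -r "$file" ] || return 1
    # Strip comments, then split each rule at the first two ":" separators.
    sed 's/#.*//' "$file" | (
        set -f                      # no filename globbing on rule tokens
        while IFS=: read -r daemons clients rest; do
            d_ok=no
            for d in $(printf '%s' "$daemons" | tr ',' ' '); do
                if [ "$d" = "$daemon" ] || [ "$d" = "ALL" ]; then d_ok=yes; fi
            done
            [ "$d_ok" = yes ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                case $c in
                    ALL|"$ip") exit 0 ;;                      # exact or wildcard
                    *.) case $ip in "$c"*) exit 0 ;; esac ;;  # prefix match
                esac
            done
        done
        exit 1                      # no rule matched
    )
}

# sshd_access IP [ALLOW_FILE] [DENY_FILE] -> prints "granted" or "denied"
sshd_access() {
    ip=$1 allow=${2:-/etc/hosts.allow} deny=${3:-/etc/hosts.deny}
    if rule_matches "$allow" sshd "$ip"; then
        echo granted                # hosts.allow is consulted first
    elif rule_matches "$deny" sshd "$ip"; then
        echo denied
    else
        echo granted                # no matching rule in either file
    fi
}

# Usage: sshd_access 203.0.113.10
```

Where the TCP Wrappers utilities are installed, `tcpdmatch sshd <ip>` runs the full rule evaluation, including the hostname patterns this sketch skips. These files only affect an sshd that is linked against libwrap, which `ldd "$(command -v sshd)" | grep libwrap` will show.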