Securing ssh

From Newroco Tech Docs
Jump to navigationJump to search

If you have a public host with SSH enabled that you want to secure beyond [SSHKeyAuth], you can use tcpwrapper functionality in the files 

/etc/hosts.allow
/etc/hosts.deny

In the simplest form to allow access from an IP and deny from all others 

vi /etc/hosts.allow

append 

sshd: <the ip address or FQDN>

(more than one line entry can exist)
and then 

vi /etc/hosts.deny

append 

sshd: ALL

then 

service ssh restart

Before disconnecting from your current ssh session, test that you can access from the at least one of the IP addresses you think you've allowed, just in case...

Retrieved from "http://docswiki.newro.co/index.php?title=Securing_ssh&oldid=688"