
Re: Disabling access to SSH



--- Mark Maas <mark@menem.mine.nu> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi All,
> 
> I'm trying to restrict access to my ssh server from the outside to
> allow only two IP addresses and the internal lan of course.
> And deny access to everyone else.
> 
> People are trying the guess a username and password tactic a little
> too much to my liking...
> 
> Do I use hosts.deny, hosts.allow for this? If so, which one takes
> precedence?
> 
> Thanks,
> Mark

I think this will be achieved much better with a couple of rules
with iptables:

#iptables -A INPUT -p tcp -s [valid ip1] -d [external ip] --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp -s [valid ip2] -d [external ip] --dport 22 -j ACCEPT
#iptables -A INPUT -p tcp -s [internal net] -d [internal ip] --dport 22 -j ACCEPT

#iptables -A INPUT -p tcp -s 0.0.0.0/0 -d [external ip] --dport 22 -j REJECT

In this case the valid IP must be in the format
192.168.0.1/32, for example.

and for your internal network:
192.168.0.0/28 or whatever mask you use.

Also you can do a bash script to run at boot time in
order to get this automatic and restrict other services
too.

I hope this helps.
Regards



=====
--
Sergio Basurto J.

If I have seen further it is by standing on the 
shoulders of giants. (Isaac Newton)
--
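
The boot-time script suggested in the reply above, written out as an added example (not part of the original message or thread). The addresses are constructed placeholders from documentation ranges, and the function names is_cidr, build_rules and apply_rules are hypothetical; it validates every source before anything is installed and keeps the REJECT rule last.

```sh
#!/bin/sh
# Added example, not from the original message. Addresses are constructed
# placeholders (documentation ranges); function names are hypothetical.
EXT_IP="203.0.113.10"                      # external address of the SSH host
INT_IP="192.168.0.1"                       # internal address of the SSH host
INT_NET="192.168.0.0/28"                   # internal LAN
ALLOWED="198.51.100.7/32 198.51.100.42/32" # the two outside addresses

# is_cidr ADDR/PREFIX: succeed only for a dotted quad with a 0-32 prefix.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_rules: print the iptables arguments in the order they must be added.
build_rules() {
    for src in $ALLOWED "$INT_NET"; do
        is_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    for src in $ALLOWED; do
        echo "-A INPUT -p tcp -s $src -d $EXT_IP --dport 22 -j ACCEPT"
    done
    echo "-A INPUT -p tcp -s $INT_NET -d $INT_IP --dport 22 -j ACCEPT"
    # -A appends and the first match wins, so the REJECT has to come last.
    echo "-A INPUT -p tcp -s 0.0.0.0/0 -d $EXT_IP --dport 22 -j REJECT"
}

# apply_rules: install the rules only if every source validated.
apply_rules() {
    rules=$(build_rules) || return 1
    echo "$rules" | while read -r rule; do
        iptables $rule || exit 1   # unquoted on purpose: split into arguments
    done
}

# Dry run by default; run as root with APPLY=1 to install the rules.
if [ "${APPLY:-0}" = 1 ]; then apply_rules; else build_rules; fi
```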


		