Re: Disabling access to SSH
There are several approaches:
1) Use tcpd - access control facility for internet services
Configure your /etc/hosts.allow and /etc/hosts.deny as follows:
Add to /etc/hosts.allow
# Services that can be contacted externally.
# 172.16.145.0/255.255.255.0 is the local subnet
sshd: IP-host1/255.255.255.0 IP-host2/255.255.255.0 172.16.145.0/255.255.255.0
Add to /etc/hosts.deny
# Deny everything unless allowed by /etc/hosts.allow
ALL : ALL@ALL, PARANOID
man 3 hosts_access - functions provided by the libwrap library.
man 5 hosts_access - format of the tcpd access control tables.
man 5 syslog.conf - format of the syslogd control file.
man 5 inetd.conf - format of the inetd control file.
2) One can also disable external machines using PAM (Portable
Authentication Module)
ACL for OpenSSH server.
1. Create /etc/sshd.acl that includes a list of users who are
allowed to access the machine.
2. Make /etc/sshd.acl readable by user root only.
# chmod 600 /etc/sshd.acl
3. Add the following line to /etc/pam.d/ssh (for Debian GNU/Linux)
or /etc/pam.d/sshd (for Redhat Linux)
# make sure that it is on one line
auth required /lib/security/pam_listfile.so file=/etc/sshd.acl item=user sense=allow onerr=fail
Regards
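An audit of the setup described in the message above, as an added example that is not part of the original post: it checks that hosts.deny carries a catch-all rule, that the ACL file has no group or other permission bits, and that the pam_listfile rule is active and complete on a single line. The function names and the file paths passed as arguments are assumptions; ownership by root is not checked.

```shell
#!/bin/sh
# Added example (not from the original message). Paths are arguments so the
# checks can be run against copies of the real files.

# check_deny_default HOSTS_DENY -> 0 if an uncommented "ALL : ALL..." rule exists
check_deny_default() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# check_acl_perms ACLFILE -> 0 if the file exists with no group/other bits set
check_acl_perms() {
    [ -f "$1" ] || return 1
    # characters 5-10 of the ls mode string are the group and other bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_pam_listfile PAMFILE ACLFILE -> 0 if one uncommented line holds the
# whole rule; a commented-out rule or one wrapped onto a second line fails.
check_pam_listfile() {
    awk -v acl="file=$2" '
        /^[ \t]*#/ { next }
        $1 == "auth" && $2 == "required" && $3 ~ /pam_listfile\.so$/ {
            need["item=user"]; need["sense=allow"]; need["onerr=fail"]; need[acl]
            n = 0
            for (i = 4; i <= NF; i++) if ($i in need) { n++; delete need[$i] }
            if (n == 4) found = 1
        }
        END { exit !found }' "$1"
}

# audit HOSTS_DENY ACLFILE PAMFILE -> prints one line per check, returns
# non-zero if any check failed
audit() {
    rc=0
    check_deny_default "$1" && echo "ok   default deny in $1" \
        || { echo "FAIL no catch-all rule in $1"; rc=1; }
    check_acl_perms "$2" && echo "ok   $2 not group/other accessible" \
        || { echo "FAIL $2 missing or group/other accessible"; rc=1; }
    check_pam_listfile "$3" "$2" && echo "ok   pam_listfile rule active in $3" \
        || { echo "FAIL pam_listfile rule absent, commented or wrapped in $3"; rc=1; }
    return $rc
}

# Run only when called with the three paths, e.g.
#   sh audit.sh /etc/hosts.deny /etc/sshd.acl /etc/pam.d/sshd
if [ "$#" -eq 3 ]; then audit "$@"; fi
```
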