
Re: SSH/SSHD local LAN only



S.D.Allen wrote:
> Greetings;
>
> I can't seem to figure out which config file to edit and what to enter
> to allow only hosts on the LAN to connect via SSH. I'll have the box
> in question available to the entire Internet and want to disable
> global access to SSH. Presently I'm using password authentication, and
> would prefer to keep it this way, as opposed to allowing access via
> trusted key.

Is the system dual homed?

If so, then you can pretty easily configure SSH to only listen on the
internal interface. In /etc/ssh/sshd_config put

ListenAddress <IP address of internal interface>

and restart sshd.

Otherwise you can add an iptables rule to block inbound ssh access
unless it comes from your LAN. The above is easier though.

nate
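
A check for the ListenAddress approach described in the reply above, as an added example that is not part of the original post: it reads sshd_config text and reports whether sshd would bind to every interface or only to a LAN address. It assumes the LAN uses RFC 1918 IPv4 addressing and does not follow Include files or command-line overrides; the sample configs are constructed.

```python
import ipaddress
import re

# RFC 1918 ranges; treating exactly these as "the LAN" is an assumption.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Keywords are case-insensitive; the separator is whitespace or one '='.
DIRECTIVE = re.compile(r"^\s*ListenAddress(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)


def host_part(value):
    """Strip the optional port from a ListenAddress argument."""
    value = value.strip('"')
    if value.startswith("["):             # [addr]:port or [addr]
        return value[1:].partition("]")[0]
    if value.count(":") == 1:             # ipv4:port or hostname:port
        return value.split(":")[0]
    return value                          # bare IPv4, bare IPv6 or hostname


def classify(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"                 # resolve by hand before trusting it
    if addr.is_unspecified:
        return "all-interfaces"           # 0.0.0.0 or ::
    if addr.is_loopback or any(addr in net for net in LAN_NETS):
        return "lan"
    return "not-lan"


def audit(config_text):
    """Return [(argument, verdict)] for each active ListenAddress line."""
    results = []
    for line in config_text.splitlines():
        if line.lstrip().startswith("#"):  # commented-out directive
            continue
        m = DIRECTIVE.match(line)
        if m:
            results.append((m.group(1), classify(host_part(m.group(1)))))
    # With no ListenAddress at all, sshd listens on every local address.
    return results or [("(default)", "all-interfaces")]


# Constructed sample configs, not taken from the thread.
BEFORE = "Port 22\n#ListenAddress 0.0.0.0\nPasswordAuthentication yes\n"
AFTER = "Port 22\nlistenaddress 192.168.1.10:22\nPasswordAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text))
```

After the restart, the bound address can be confirmed on the host itself with `ss -tln`.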

