Re: SSH/SSHD local LAN only
S.D.Allen wrote:
> Greetings;
>
> I can seem to figure out which config file to edit and what to enter
> to allow only hosts on the LAN to connect via SSH. I'll have the box
> in question available to the entire Internet and want to disable
> global access to SSH. Presently I'm using password authentication, and
> would prefer to keep it this way, as opposed to allowing access via
> trusted key.
Is the system dual homed?
If so then you can pretty easily configure SSH to only listen on the
internal interface, in /etc/ssh/sshd_config put
ListenAddress <IP address of internal interface>
and restart sshd
Otherwise you can add an iptables rule to block inbound ssh access
unless it comes from your LAN. The above is easier though.
nate
Reply to: