SSH host authentication 2

Status
Not open for further replies.

rene1000

IS-IT--Management
Apr 9, 2002
89
NL
I am running sshd on Red Hat 7.3 Pro. I want to configure it so that only certain hosts (by IP address) can connect to the sshd. I still want them to enter a password, so I don't want to use the hosts.equiv file. Does anyone know if this is possible?

Thanks in advance !
 
You can change the ListenAddress argument in /etc/ssh/sshd_config. Usually this is set to 0.0.0.0, indicating that it will accept connections from anywhere, but this can be changed, for example to 192.168.34.0 so only machines in that subnet can use it.

From my own machine:
# This is ssh server systemwide configuration file.

Port 22
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
.
.
.

I think this line will allow a list of specific IP addresses as well.

--cb
 
Thanks, this is exactly what I meant!

Have you got any idea how to add multiple IP addresses?
I want to add some IP addresses of our private range and a few public addresses.

Thanks for your help again.
 
I have tried to set the "listen address", but this is the server's IP address it listens on for incoming SSH connections, so this is not what I am trying to accomplish.

Got any other ideas to do it?
 
I assume that you are not talking about the hosts.allow file when you said "I don't want to use the hosts.equiv file"? Adding the following line to your hosts.allow file would grant access to the SSH daemon to only the listed IPs.

sshd: 192.168.32.0/255.255.255.0 212.78.115.0/255.255.255.0

The only other option I can think of is to block access to port 22 (or whatever port you want SSH to listen on) except for your trusted subnets using a firewall or IPTables/IPChains on the server.
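
Added example, not part of the original post: a small Python model of the TCP wrappers decision order (hosts.allow first, then hosts.deny, otherwise access is granted) applied to the hosts.allow entry above, showing how unlisted clients are treated with and without a deny entry. The `sshd: ALL` line for hosts.deny and the test addresses are assumptions constructed for the example; only IPv4 addresses, net/mask pairs and `ALL` are handled.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines (IPv4 subset of hosts_access)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        clients = clients.split(":", 1)[0]  # ignore an optional shell-command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Match ALL, a single address, or net/mask (address AND mask == net)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
        return int(ip) & mask == net
    return ip == ipaddress.IPv4Address(pattern)

def listed(rules, daemon, ip):
    """True if any rule names the daemon (or ALL) and matches the client."""
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def access(daemon, addr, allow_text, deny_text=""):
    """hosts.allow is consulted first, then hosts.deny, else access is granted."""
    ip = ipaddress.IPv4Address(addr)
    if listed(parse_rules(allow_text), daemon, ip):
        return "allow"
    if listed(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"

HOSTS_ALLOW = "sshd: 192.168.32.0/255.255.255.0 212.78.115.0/255.255.255.0"  # from the post
HOSTS_DENY = "sshd: ALL"  # assumed companion entry, not in the thread

if __name__ == "__main__":
    for addr in ("192.168.32.17", "212.78.115.200", "203.0.113.9"):  # constructed
        print(addr, access("sshd", addr, HOSTS_ALLOW),
              access("sshd", addr, HOSTS_ALLOW, HOSTS_DENY))
```

These files are only consulted when sshd is built with TCP wrappers (libwrap) support.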
 
is the homepage of the free SSH project, but most distributions will come with both the client and server, and will install them by default.

--cb
 