Restricting ssh

Tom Horsley horsley1953 at gmail.com
Fri Jan 7 00:04:29 UTC 2011


On Fri, 07 Jan 2011 00:28:47 +0100
Timothy Murphy wrote:

> Can I configure it so that it only accepts connection
> from certain machines, wherever they may be in the world?

I've set up iptables to drop just about everything, then
I have (among others) an /etc/sysconfig/iptables entry like this:

-A INPUT -s NNN.NNN.NNN.NNN/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

Which allows just the IP NNN.NNN.NNN.NNN access to connect to
my ssh server (where in my case the IP address is the IP of
my company's firewall, so I can connect from work - of course
anyone else at work will look like they are coming from
the same IP, but I also use public keys for authentication).
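
Added example, not part of the original post: a shell check that a rules file in iptables-save format (such as /etc/sysconfig/iptables) defaults to drop and admits ssh only from named sources, as the post describes. The function names and the sample address 203.0.113.10 are assumptions made for illustration.

```shell
# Added example: audit an iptables-save format rules file for ssh exposure.
# Limitation: only INPUT rules that name "--dport 22" are examined.

# Print the source of each ACCEPT rule for tcp/22 (ANY when no -s is given).
ssh_sources() {
    awk '$1 == "-A" && $2 == "INPUT" {
        src = "ANY"; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && proto == "tcp" && port == "22") print src
    }' "$1"
}

# Succeed if unmatched INPUT traffic is dropped: chain policy DROP, or a
# catch-all "-A INPUT -j DROP" / "-A INPUT -j REJECT" rule.
input_default_drop() {
    awk '$1 == ":INPUT" && $2 == "DROP" { ok = 1 }
         $1 == "-A" && $2 == "INPUT" && $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") { ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Return 0 only when the default is drop and every ssh rule names a source.
audit_ssh_rules() {
    input_default_drop "$1" || { echo "INPUT does not default to drop"; return 1; }
    sources=$(ssh_sources "$1")
    [ -n "$sources" ] || { echo "no rule admits ssh"; return 1; }
    case "$sources" in *ANY*) echo "ssh is open to any source"; return 1 ;; esac
    echo "ssh limited to:" $sources
}

# Constructed sample; 203.0.113.10 stands in for the post's NNN.NNN.NNN.NNN.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
audit_ssh_rules "$sample"
rm -f "$sample"
```

Running the same check against the output of iptables-save confirms what the kernel has loaded rather than what the file on disk says.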

