Restricting ssh
Sam Varshavchik
mrsam at courier-mta.com
Thu Jan 6 23:45:10 UTC 2011
Timothy Murphy writes:
> I have an sshd server running on a machine in Ireland.
>
> Can I configure it so that it only accepts connection
> from certain machines, wherever they may be in the world?
In sshd_config set:
PasswordAuthentication no
Then, on the machines that you wish to allow connections from, in each
account you wish to connect, run ssh-keygen to generate a keypair. This will
create id_rsa and id_rsa.pub (or id_dsa and id_dsa.pub) in $HOME/.ssh (with
permissions set appropriately), then append the contents of id_rsa.pub or
id_dsa.pub to the $HOME/.ssh/authorized_keys2 file on the server that you
want to connect TO.
Now, only the accounts whose private keys are listed in authorized_keys2
will be able to log in to your server. And, as an added bonus, no password
will be required. The key takes place of the password, and only the machine
where the key is installed will be able to log in.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110106/e1f87e48/attachment.bin
More information about the users
mailing list