Restrict host access
Posted by Talal Ahmad on 26 September 2016 06:25 AM

There are various ways in which access to sshd can be restricted. By restricting which users and hosts/networks can log in, the impact of stolen credentials may be minimized.

You can restrict which hosts/networks can access sshd via proper firewalling. Linux provides firewall software called "iptables". What follows is an example of allowing just one particular IPv4 address to connect to sshd while denying all others:

Code:
# iptables -I INPUT -p tcp -s 1.2.3.4 --dport 22 -j ACCEPT
# iptables -A INPUT -p tcp --dport 22 -j DROP
 
Code:
iptables    : this is the iptables utility
-I          : insert a rule...
INPUT       : ...into the INPUT chain
-p          : specify the protocol...
tcp         : ...as the TCP protocol
-s          : specify the source IP address...
1.2.3.4     : ...as 1.2.3.4
--dport     : specify the destination port...
22          : ...as 22
-j          : jump to...
ACCEPT      : the ACCEPT target
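
Because iptables stops at the first matching rule, the DROP appended with -A only takes effect if no earlier rule already accepts port 22 from any source. The following check is an added example, not part of the original article: the function name `audit_ssh_rules` is hypothetical, it reads the output of `iptables -S INPUT` on stdin, and it only understands `-s`, `-p`, `--dport` and `-j`, so any other ACCEPT rule that could match is conservatively reported as OPEN.

```shell
#!/bin/sh
# Added example (hypothetical helper): audit `iptables -S INPUT` output.
# Prints one verdict line for the given port (default 22):
#   RESTRICTED <sources...>  only the listed sources reach the port
#   OPEN                     a rule or the chain policy admits any source
# Usage as root: iptables -S INPUT | audit_ssh_rules
audit_ssh_rules() {
    awk -v port="${1:-22}" '
    $1 == "-P" && $2 == "INPUT" { policy = $3; next }
    $1 != "-A" || $2 != "INPUT" { next }
    {
        src = ""; dport = ""; proto = ""; target = ""; neg = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "!") neg = 1
        }
        # Skip rules that cannot match TCP traffic to the audited port.
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port) next
        # First match wins: an ACCEPT with no (or a negated) source opens the port.
        if (target == "ACCEPT" && (src == "" || neg)) { verdict = "OPEN"; exit }
        if (target == "ACCEPT") allowed = allowed " " src
        # A catch-all DROP/REJECT closes the port for everyone not yet accepted.
        if ((target == "DROP" || target == "REJECT") && src == "" && !neg) {
            verdict = "RESTRICTED" allowed; exit
        }
    }
    END {
        # No catch-all rule was reached: the chain policy decides.
        if (verdict == "")
            verdict = (policy == "DROP") ? ("RESTRICTED" allowed) : "OPEN"
        print verdict
    }'
}

# Constructed sample: the two rules from the article on an otherwise empty chain.
printf '%s\n' '-P INPUT ACCEPT' \
    '-A INPUT -s 1.2.3.4/32 -p tcp -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j DROP' | audit_ssh_rules
```

A verdict of OPEN after running the two commands above usually means an older ACCEPT rule for port 22 sits ahead of the appended DROP.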