How can I restrict SSH Tunnels to certain users? Once that is in place, how do I restrict it to certain sites only? I'd also like only certain ports to be allowed. I don't want a bunch of users using my server as their SSH tunnel for file sharing.
I've considered a firewall, will this do the trick? What firewall should I use?
I'm not sure how you can limit it to certain users but you can disable it by editing /etc/ssh/sshd_config and setting or adding AllowTcpForwarding to NO.

sshd_config
Code:
AllowTcpForwarding No
SSH listens only to the port specified in the /etc/ssh/sshd_config file, which is 22 by default. You can restrict access to users by allowing only specific IP addresses in the firewall, or by using certificate logons and issuing those to the specific users. As a firewall I would suggest either IPTABLES or CSF.
If you're using the IP access method, and use IPTABLES as a firewall, then use these lines:
First block access to the SSH port:
Code:
iptables -I INPUT 4 -p tcp --dport 22 -j DROP

Then create entries for the allowed IP addresses (replace these example addresses with the real ones):
Code:
iptables -I INPUT 1 -p tcp --dport 22 -s 1.1.1.1 -j ACCEPT
iptables -I INPUT 2 -p tcp --dport 22 -s 2.2.2.2 -j ACCEPT
iptables -I INPUT 3 -p tcp --dport 22 -s 3.3.3.3 -j ACCEPT
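The original question asked for forwarding limited to certain users, certain destination hosts and certain ports; sshd_config can express all three with a Match block, so here is an added illustration (not taken from any post in this thread). The group name "tunnelers" and the 10.0.0.x destinations are placeholders to be replaced with your own.

```sshd_config
# Added example sshd_config fragment (not from the thread).
# Assumptions: a Unix group "tunnelers" exists, and 10.0.0.5 / 10.0.0.6
# are the internal hosts users are allowed to reach. Replace both.

# Global defaults: nobody gets port forwarding unless a Match block
# below says otherwise. GatewayPorts no keeps any remote forwards
# (if later enabled) bound to the loopback interface only.
AllowTcpForwarding no
GatewayPorts no

# Match blocks must come at the end of the file; every directive
# indented under one applies only to connections matching it.
# Members of "tunnelers" may open local forwards (ssh -L / -D) but not
# remote forwards (ssh -R), and only to the listed host:port pairs.
Match Group tunnelers
    AllowTcpForwarding local
    PermitOpen 10.0.0.5:443 10.0.0.6:5432
```

Run `sshd -t` after editing to syntax-check the file before restarting the service. Note that AllowTcpForwarding no only stops sshd itself from forwarding: a user who still has a login shell can run their own forwarding program, so combine it with restricted shells or ForceCommand for users who should only tunnel.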