[ubuntu-za] SSH restrictions/config per INCOMING host connection
Simon Cross
hodgestar at gmail.com
Wed Mar 5 11:17:10 GMT 2008
On Wed, Mar 5, 2008 at 10:30 AM, Michael <milegrin at gmail.com> wrote:
> I know that you can create host specific and user specific configs
> in OpenSSH for outgoing connections (see ssh_config and the "Match
> User <username>" stanzas in sshd_config)
>
> I however need to restrict incoming access based on the originating
> IP/Hostname and I have exhausted google and my own ideas.
>
> Basically have a restricted user that may only accept incoming SSH
> connections from 3 specific hosts. I suspect it has summin to do with
> the "Match User <username>" stanza in /etc/ssh/sshd_config but I have
> not been successful in getting it to work.

My (untested) solution would be something like:

    # Types of Authentication to allow by default
    ChallengeResponseAuthentication no
    KbdInteractiveAuthentication yes
    PasswordAuthentication yes

    Match User <username> Host <host to deny>
        # deny host by disabling all authentication types
        KbdInteractiveAuthentication no
        PasswordAuthentication no

http://fixunix.com/ssh/323078-match-user-not-working.html suggested
some possible gotchas related to disabling authentication types in
Match blocks.
Hope this helps.
Schiavo
Simon
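
An allow-list form of the same idea, as an added example that is not part of the original message. The user name "restricted" and the 192.0.2.x addresses are placeholders, and it assumes an OpenSSH version whose Match blocks accept PubkeyAuthentication and negated Address patterns.

```conf
# /etc/ssh/sshd_config fragment (constructed example; "restricted" and the
# 192.0.2.x addresses are placeholders, not values from this thread).
# The global authentication defaults stay above this point, unchanged.

# Match blocks go at the end of the file: every line after a Match line
# belongs to that block until the next Match line or the end of the file.
#
# The pattern list "*,!a,!b,!c" matches every source address except a, b
# and c, so this block applies to "restricted" connecting from anywhere
# other than the three permitted hosts. Address tests the client IP
# directly; Host relies on a reverse DNS lookup of the client.
Match User restricted Address *,!192.0.2.10,!192.0.2.11,!192.0.2.12
    # Turn off every authentication method that is enabled globally,
    # public keys included. Any method left on here still lets the user
    # log in from a host that is not on the list.
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    PubkeyAuthentication no

# Check before reloading sshd (run as root):
#   sshd -t
#   sshd -T -C user=restricted,host=client.example,addr=192.0.2.10
#   sshd -T -C user=restricted,host=client.example,addr=198.51.100.7
# The first query should print the global values for passwordauthentication,
# kbdinteractiveauthentication and pubkeyauthentication; the second should
# print "no" for all three.
```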