nixCraft Linux Forum

block ssh to remote user

#1 (permalink) chandanperl, 25-07-2008, 01:10 PM
block ssh to remote user

Hi,
I am root and I don't want anybody to access me via the SSH service remotely.
How can I do that?

Thanks

#2 (permalink) amitabh, 25-07-2008, 05:02 PM

Block the SSH port (normally 22) on your firewall

#3 (permalink) chandanperl, 25-07-2008, 05:53 PM
SSH port block

Hi,
Thanks a lot. Can you send me that firewall rule?

Quote:
Originally Posted by amitabh
Block the SSH port (normally 22) on your firewall

#4 (permalink) nixcraft, 26-07-2008, 05:21 AM

A firewall usually blocks access using IPs or state and other conditions. Under Fedora Linux, open the /etc/sysconfig/iptables file and find the line with port 22 with the ACCEPT action. Change this to DROP or REJECT:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
Restart firewall:
Code:
service iptables restart
Note that no one is able to use your ssh now over the LAN or the Internet. If you need to skip the LAN subnet (192.168.1.0/24), try as follows:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s ! 192.168.1.0/24 -j REJECT
If iptables is too hard for you, try:
Restrict ssh access using tcpd (TCPWrapper)
__________________
Vivek Gite
Linux Evangelist

#5 (permalink) amitabh, 26-07-2008, 06:45 AM

If you are actually thinking of blocking the SSH entirely, why not disable the sshd service itself?

#6 (permalink) chandanperl, 26-07-2008, 11:01 AM
ssh blocking for root

Thanks,
It's working. I just want to allow only two IPs for accessing root through the ssh service.

Quote:
Originally Posted by nixcraft
A firewall usually blocks access using IPs or state and other conditions. Under Fedora Linux, open the /etc/sysconfig/iptables file and find the line with port 22 with the ACCEPT action. Change this to DROP or REJECT:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
Restart firewall:
Code:
service iptables restart
Note that no one is able to use your ssh now over the LAN or the Internet. If you need to skip the LAN subnet (192.168.1.0/24), try as follows:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s ! 192.168.1.0/24 -j REJECT
If iptables is too hard for you, try:
Restrict ssh access using tcpd (TCPWrapper)
Reply With Quote
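
On the follow-up about allowing only two addresses: iptables applies the first matching rule, so ACCEPT lines for the allowed sources have to sit above the REJECT line. The Python sketch below is an added example, not code from the thread; the two addresses are documentation placeholders, and the parser is a simplified model that reads only --dport, -s and -j to report the verdict a source address would get from a rules file.

```python
import ipaddress
import shlex

# Constructed sample in /etc/sysconfig/iptables format: two admin hosts
# (placeholder documentation addresses) may open SSH, everyone else is rejected.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s 192.0.2.10 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -s 198.51.100.7 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
"""

def parse_ssh_rules(text, port="22"):
    """Return [(source_network, negated, target)] for rules with --dport <port>."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if "--dport" not in tok or tok[tok.index("--dport") + 1] != port:
            continue
        # A rule without -s matches every source address.
        net, neg = ipaddress.ip_network("0.0.0.0/0"), False
        if "-s" in tok:
            i = tok.index("-s")
            # Accept both negation spellings: "-s ! net" (as in the thread)
            # and "! -s net".
            if tok[i + 1] == "!":
                neg, addr = True, tok[i + 2]
            else:
                neg, addr = (i > 0 and tok[i - 1] == "!"), tok[i + 1]
            net = ipaddress.ip_network(addr, strict=False)
        rules.append((net, neg, tok[tok.index("-j") + 1]))
    return rules

def ssh_verdict(text, src):
    """First matching rule wins; None means no port-22 rule matched."""
    ip = ipaddress.ip_address(src)
    for net, neg, target in parse_ssh_rules(text):
        if (ip in net) != neg:
            return target
    return None

if __name__ == "__main__":
    for src in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(src, ssh_verdict(SAMPLE_RULES, src))
```

A result of None means the packet falls through to whatever rules follow in the chain, which is how the LAN exception in post #4 lets 192.168.1.0/24 through.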