nixCraft Linux Forum

block ssh to remote user

#1 (permalink)
07-25-2008, 02:10 PM
chandanperl (Member; My distro: fedora)
block ssh to remote user

Hi,
I am root and I don't want anybody to access me via the SSH service remotely.
How can I do that?

Thanks

#2 (permalink)
07-25-2008, 06:02 PM
amitabh (Contributors; Location: New Delhi; My distro: FreeBSD/OpenBSD)

Block the SSH port (normally 22) on your firewall

#3 (permalink)
07-25-2008, 06:53 PM
chandanperl (Member; My distro: fedora)
SSH port block

Hi,
Thanks a lot. Can you send me that firewall rule?




Quote:
Originally Posted by amitabh View Post
Block the SSH port (normally 22) on your firewall

#4 (permalink)
07-26-2008, 06:21 AM
nixcraft (Location: BIOS; My distro: Ubuntu)

A firewall usually blocks access using IPs or state and other conditions. Under Fedora Linux, open the /etc/sysconfig/iptables file and find the line with port 22 and the ACCEPT action. Change this to DROP or REJECT:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
Restart firewall:
Code:
service iptables restart
Note that no one is able to use your ssh now over the LAN or the Internet. If you need to skip the LAN subnet (192.168.1.0/24), try as follows:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 ! -s 192.168.1.0/24 -j REJECT
If iptables is too hard for you try:
Restrict ssh access using tcpd (TCPWrapper)
__________________
Vivek | My personal blog
Linux Evangelist
Play hard stay cool

#5 (permalink)
07-26-2008, 07:45 AM
amitabh (Contributors; Location: New Delhi; My distro: FreeBSD/OpenBSD)

If you are actually thinking of blocking the SSH entirely, why not disable the sshd service itself?

#6 (permalink)
07-26-2008, 12:01 PM
chandanperl (Member; My distro: fedora)
ssh blocking for root

Thanks,
It's working. I just want to allow only two IPs to access root through the SSH service.








Quote:
Originally Posted by nixcraft View Post
A firewall usually blocks access using IPs or state and other conditions. Under Fedora Linux, open the /etc/sysconfig/iptables file and find the line with port 22 and the ACCEPT action. Change this to DROP or REJECT:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j REJECT
Restart firewall:
Code:
service iptables restart
Note that no one is able to use your ssh now over the LAN or the Internet. If you need to skip the LAN subnet (192.168.1.0/24), try as follows:
Code:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 ! -s 192.168.1.0/24 -j REJECT
If iptables is too hard for you try:
Restrict ssh access using tcpd (TCPWrapper)
Reply With Quote
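
Added example, not part of any post in this thread: one way to apply the edit described in post #4 to the request in post #6, by replacing the port-22 ACCEPT line with one ACCEPT per allowed source followed by a REJECT. The sample ruleset is constructed, the function names are hypothetical, and the two addresses are placeholders from the documentation ranges.

```shell
#!/bin/sh
# Added example: text-only rewrite of an iptables-save style ruleset (stdin to
# stdout). It never touches the live firewall.

# Constructed sample in the style of Fedora's /etc/sysconfig/iptables.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# restrict_ssh IP [IP...] (hypothetical helper name)
# Replaces the unrestricted port-22 ACCEPT rule with one ACCEPT per allowed
# source address, followed by a REJECT for every other source.
restrict_ssh() {
    awk -v allow="$*" '
    BEGIN { n = split(allow, ip, " ") }
    /^-A / && /--dport 22( |$)/ && /-j ACCEPT( |$)/ && !/ -s / {
        base = $0
        sub(/ -j ACCEPT.*/, "", base)
        # iptables stops at the first matching rule, so ACCEPTs come first.
        for (i = 1; i <= n; i++) print base " -s " ip[i] " -j ACCEPT"
        print base " -j REJECT"
        next
    }
    { print }'
}

# Placeholder addresses from the documentation ranges (RFC 5737).
sample_rules | restrict_ssh 203.0.113.10 198.51.100.7
```

Review the printed ruleset before saving it as /etc/sysconfig/iptables and restarting the firewall as in post #4; called with no addresses, the function leaves only the REJECT rule, which matches the block-everyone case.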