Saturday 1 December 2012

Allow SSH only for a particular user and IP

In this article I will explain an SSH security tip that allows only a particular user or IP to access the server.

Using the "AllowUsers" parameter

In the SSH configuration file /etc/ssh/sshd_config (the location of the SSH configuration file on CentOS), search for the parameter "AllowUsers".

AllowUsers root

This will allow only the user root to access the server and prevent brute-force attacks on the server that try to log in as any other user.

You can allow a particular IP using the following setting:
AllowUsers root@

Now, this will allow only root to SSH into the server from the IP address

Now, let's see how to allow multiple users using this setting:
AllowUsers root@ manoj@ shawn

The above setting will allow root and manoj to SSH from the IP address and respectively. The user "shawn" can SSH into the server from any IP address.

After setting this, you must restart the SSH service using the following command:
/etc/init.d/sshd restart
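
The effect of an AllowUsers line can be checked offline before the service is restarted. The Python below is an added example, not code from the original article or from OpenSSH; it models the cases covered above (a plain user name, user@address, `*`/`?` wildcards and CIDR ranges in the host part) and assumes no negated patterns, hostnames, Match blocks, DenyUsers or AllowGroups. The addresses in the sample configuration are constructed documentation-range placeholders.

```python
import ipaddress
import re

# Constructed sample config; the addresses are documentation-range
# placeholders, not values from the article.
SAMPLE_CONFIG = """\
# /etc/ssh/sshd_config (excerpt)
PermitRootLogin yes
AllowUsers root@192.0.2.10 manoj@198.51.100.0/24
allowusers shawn
"""

def _wild(pattern, value):
    """Match sshd-style wildcards: '*' = any run, '?' = one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _host_ok(pattern, addr):
    """Host part: try CIDR/literal address first, else wildcard on the text."""
    try:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return _wild(pattern, addr)

def allow_users(config_text):
    """Collect patterns from every AllowUsers line (keyword is case-insensitive)."""
    patterns = []
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() == "allowusers":
            patterns.extend(words[1:])
    return patterns

def is_allowed(config_text, user, addr):
    """True if AllowUsers admits this user from this source address."""
    patterns = allow_users(config_text)
    if not patterns:  # directive absent: it imposes no restriction
        return True
    for pat in patterns:
        name, _, host = pat.rpartition("@") if "@" in pat else (pat, "", "")
        if _wild(name, user) and (not host or _host_ok(host, addr)):
            return True
    return False
```

Calling `is_allowed(SAMPLE_CONFIG, "root", "192.0.2.11")` returns False, while any user not named in the list is refused from every address.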

Using the parameter "AllowGroups"
There is also the AllowGroups parameter. For instance, you can set AllowGroups wheel, which will allow only root and anyone added to the wheel group used for su.
