Koozali.org: home of the SME Server

SSH security

BOD

SSH security
« on: December 23, 2004, 12:51:50 AM »
Is it possible to only allow root to SSH inside the network?

i.e. from external access, root would be refused?

duncan

SSH security
« Reply #1 on: December 23, 2004, 01:15:24 AM »
Yes

mbachmann

SSH security
« Reply #2 on: December 23, 2004, 08:28:41 AM »
duncan means: check server manager - security - remote access.

BOD

SSH security
« Reply #3 on: December 25, 2004, 12:29:17 AM »
I've tried all of those and it isn't what I want :-(

I want to be able to use SSH as root only inside my network, so if I used the root account outside I would be refused.

mrjhb3

SSH security
« Reply #4 on: December 25, 2004, 03:57:30 AM »
mbachmann is correct.  Under server manager/security/remote access, check the secure shell access.  You should have yours set to Allow access only from local networks.  I just tested this on a server I remotely manage.  I changed the settings to only allow local and I was denied ssh access to the box.

Now, if you have added any networks in the local access section, then those networks will still be able to ssh to the server.

GL,

JB

CharlieBrady

SSH security
« Reply #5 on: December 27, 2004, 03:17:26 AM »
Quote from: "mrjhb3"
mbachmann is correct.


mbachmann is usually correct. On this occasion he is not.

Quote
Under server manager/security/remote access, check the secure shell access.  You should have yours set to Allow access only from local networks.  I just tested this on a server I remotely manage.  I changed the settings to only allow local and I was denied ssh access to the box.


IIUC, the original poster wants to allow ssh in as root only from the local network. Unfortunately, that's not an option that sshd supports. You'd need to run two instances of sshd, one configured to allow access to "root", and the other not. You'd need to direct connections from the local network to the first instance, and connections from elsewhere (i.e. from the Internet) to the second.
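
The two-instance layout described in the reply above, sketched as an added example (not part of the original post and not SME Server's own configuration). It assumes the server has separate internal and external interface addresses; the file names, PID file paths and both IP addresses are hypothetical values chosen for illustration.

```conf
# ---- /etc/ssh/sshd_config.lan (hypothetical file name) ----
# Instance 1: listens on the internal address only; root may log in.
# 192.168.1.1 is a constructed example address for the LAN interface.
ListenAddress 192.168.1.1
Port 22
PermitRootLogin yes
PidFile /var/run/sshd-lan.pid

# ---- /etc/ssh/sshd_config.wan (hypothetical file name) ----
# Instance 2: listens on the external address only; root is refused.
# 203.0.113.10 is a constructed example address (documentation range).
ListenAddress 203.0.113.10
Port 22
PermitRootLogin no
PidFile /var/run/sshd-wan.pid

# Validate each file with -t, then start one daemon per file with -f:
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config.lan && /usr/sbin/sshd -f /etc/ssh/sshd_config.lan
#   /usr/sbin/sshd -t -f /etc/ssh/sshd_config.wan && /usr/sbin/sshd -f /etc/ssh/sshd_config.wan
```

Because each instance binds to a single address, a connection's destination interface decides which PermitRootLogin setting applies. Current OpenSSH releases also accept PermitRootLogin inside a `Match Address` block, which gives the same result with one daemon.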

big_gie

SSH security
« Reply #6 on: December 28, 2004, 07:08:13 AM »
The easiest wouldn't be disallow root connection, but let just one user execute the "su" command?

You could prevent root from connecting (is it possible?) and allow one of your user (you) to sudo to gain root access...

I'm using a contrib from here, can't remember the name. It lets you control ssh user access...

CharlieBrady

SSH security
« Reply #7 on: December 28, 2004, 04:05:53 PM »
Quote from: "big_gie"
The easiest wouldn't be disallow root connection, but let just one user execute the "su" command?


Not quite. The easiest would be to disallow root connection, but allow one user to execute the "su" command.

Quote

You could prevent root from connecting (is it possible?)


Yes it is, it's the default condition.
Quote

 and allow one of your user (you) to sudo to gain root access...


Yep, sudo is a good thing.

big_gie

SSH security
« Reply #8 on: December 28, 2004, 04:13:15 PM »
Quote from: "CharlieBrady"
Quote from: "big_gie"
The easiest wouldn't be disallow root connection, but let just one user execute the "su" command?


Not quite. The easiest would be to disallow root connection, but allow one user to execute the "su" command.


That's what I meant  :-D