Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
336 pages
O'Reilly Media, Inc.

3.13. Restricting Access to an SSH Server by Host

Problem

You want to limit access to sshd from specific remote hosts.

Solution

Use sshd’s built-in TCP-wrappers support. Simply add rules to the files /etc/hosts.allow and /etc/hosts.deny, specifying sshd as the service. For example, to permit only 192.168.0.37 to access your SSH server, insert these lines into /etc/hosts.allow:

sshd: 192.168.0.37
sshd: ALL: DENY

Discussion

There is no need to invoke tcpd or any other program, as sshd processes the rules directly.
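The order of the two lines in the Solution matters, because the first matching rule decides. The following added example (not from the book) evaluates the recipe's rules with a simplified subset of the hosts_access(5) logic; the function names are hypothetical, and only ALL, IPv4 prefixes, net/mask pairs, and exact addresses are handled.

```python
import ipaddress

# Constructed inputs: the recipe's /etc/hosts.allow and a reordered copy.
RECIPE = "sshd: 192.168.0.37\nsshd: ALL: DENY\n"
REORDERED = "sshd: ALL: DENY\nsshd: 192.168.0.37\n"

def parse(text):
    """Return [(daemons, clients, option_or_None)], skipping blanks and # lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line; a real audit should flag it
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        option = fields[2].upper() if len(fields) > 2 else None
        rules.append((daemons, clients, option))
    return rules

def client_matches(pattern, ip):
    """Match one client pattern: ALL, 'n.n.n.' prefix, net/mask, or exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def decide(allow_text, deny_text, daemon, ip):
    """Return 'ALLOW' or 'DENY' for daemon/ip; the first matching rule wins."""
    # Simplified model (assumption): hosts.allow is searched before hosts.deny.
    for default, text in (("ALLOW", allow_text), ("DENY", deny_text)):
        for daemons, clients, option in parse(text):
            if daemon not in daemons and "ALL" not in daemons:
                continue
            if any(client_matches(p, ip) for p in clients):
                # An explicit ALLOW/DENY option overrides the file's default.
                return option if option in ("ALLOW", "DENY") else default
    return "ALLOW"  # no rule in either file matched

if __name__ == "__main__":
    for name, rules in (("recipe", RECIPE), ("reordered", REORDERED)):
        for ip in ("192.168.0.37", "192.168.0.38"):
            print(name, ip, decide(rules, "", "sshd", ip))
```

With the lines reversed, the catch-all DENY matches first and 192.168.0.37 is locked out along with everyone else.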

Warning

TCP-wrappers support in sshd is optional, selected at compile time. Red Hat 8.0 includes it but SuSE does not. If you’re not sure, or your sshd seems to ignore settings in /etc/hosts.allow and /etc/hosts.deny, check if it was compiled with this support:

$ strings /usr/sbin/sshd | egrep 'hosts\.(allow|deny)'
/etc/hosts.allow
/etc/hosts.deny

If the egrep output is empty, TCP-wrappers support is not present. Download OpenSSH from http://www.openssh.com (or use your vendor’s source RPM) and rebuild it:

$ ./configure --with-libwrap ...other desired options...
$ make
# make install

See Also

sshd(8), hosts_access(5).

ISBN: 0596003919