Tuesday, June 18, 2013

Allow SSH only a particular user and IP

Allow SSH only a particular user and IP
In this article I will explain you a SSH security tips, which will allow only a particular user or IP to access the server.

Using "AllowUsers" parameters
======

In the SSH configuration file /etc/ssh/sshd_config ( location of SSH configuration file in centos ), search for the parameter "AllowUsers".

====
AllowUsers root
====

This will allow only allow user root to access the server and prevent the brute force attack on the server, as any user.

You can allow a particular IP using the following setting:
====
AllowUsers root@139.4.5.10
====

Now, this will allow only root to SSH into the server from the IP address 139.4.5.10

Now,lets see how to allow multiple users using this setting:
====
AllowUsers root@139.4.5.10 manoj@139.4.5.11 shawn
====

The above setting will allow root and manoj to SSH from the IP address 139.4.5.10 and 139.4.5.11 respectively. The user "shawn" can SSH into the server from any IP address.

After, setting this you must restart ssh service using the following command:
====
/etc/init.d/sshd restart
====

Using the parameter "AllowGroups"
====
There is also the AllowGroups function. For instance you can set AllowGroups Wheel which will allow only root and any one added into the wheel group for su
===

No comments:

Post a Comment