Restrict ssh access using tcpd (TCPWrapper)
tcpd is an access control facility for internet services. The tcpd program can be set up to monitor incoming requests for telnet, finger, ftp, exec, rsh, rlogin, tftp, sshd and other services that have a one-to-one mapping onto executable files. Your sshd server must be configured (compiled) with tcpd support.
You can check for tcpd (tcpwrapper) support easily with the following command:
# strings $(which sshd)| grep libwrap
libwrap.so.0
libwrap refuse returns
If you get libwrap output (as above), you can use tcpd as follows. Open the file /etc/hosts.deny in a text editor. This file lists the hosts/IPs that are not allowed to access the system. In your case you will block sshd (port 22). Let us say you would like to deny access to the IPs 202.54.1.20, 64.66.44.22 and 64.66.44.25.
# vi /etc/hosts.deny
Add/append the following line to the file:
sshd: 202.54.1.20 64.66.44.22 64.66.44.25
Save and exit to the shell prompt. Next, make sure your rules are correct with the following command:
# tcpdchk -v
Output:
Using network configuration file: /etc/inetd.conf
>>> Rule /etc/hosts.deny line 20:
daemons: sshd
clients: 202.54.1.20 64.66.44.22 64.66.44.25
access: denied
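The manual edit above can also be scripted so that repeated runs do not pile up duplicate rules. The following is an added example, not part of the original FAQ: the function names is_ipv4, is_denied and deny_ssh are hypothetical, and the code assumes IPv4 addresses and the "sshd: " rule format shown above. Addresses are compared as whole tokens, so 64.66.44.2 is not mistaken for 64.66.44.22.

```shell
# Added example (not from the original page): maintain "sshd: <ip>" deny
# rules in a hosts.deny-style file. The file path is an argument, so the
# functions can be tried on a scratch copy before touching /etc/hosts.deny.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_denied FILE ADDR: succeed if ADDR is an exact client token on a line
# whose first field is "sshd:". Commented-out rules do not match.
is_denied() {
    [ -f "$1" ] || return 1
    awk -v ip="$2" '
        $1 == "sshd:" { for (i = 2; i <= NF; i++) if ($i == ip) found = 1 }
        END { exit !found }
    ' "$1"
}

# deny_ssh FILE ADDR...: append one rule per valid address not yet listed.
# Returns non-zero if any address was rejected as malformed.
deny_ssh() {
    file=$1; shift
    rc=0
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            echo "skipping invalid address: $ip" >&2
            rc=1
            continue
        fi
        is_denied "$file" "$ip" || printf 'sshd: %s\n' "$ip" >> "$file"
    done
    return "$rc"
}

# Usage: deny_ssh /etc/hosts.deny 202.54.1.20 64.66.44.22 && tcpdchk -v
```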