So how do you force sshd to listen on multiple IP addresses? Let us say you have total 8 public IP address and one private IP address. You would like to bind sshd to one selected public IP (ex 70.5.xx.xx) and private IP (10.1.5.1) only.
Luckily there is an easy way to achieve this using ListenAddress option. It specifies the local addresses sshd should listen on. If this directive is skipped from configuration file sshd will bind or list on all available IP address.
Open sshd_config:
# vi /etc/ssh/sshd_config
Specify multiple ip address on each new line with ListenAddress (multiple ListenAddress options are permitted):
ListenAddress 70.5.1.1
ListenAddress 10.1.5.1
Save and close the file.
Restart the sshd:
# /etc/init.d/sshd restart
Verify that sshd is only listing to specified IP address:
# netstat -tulpn | grep :22Output:
tcp 0 0 70.5.1.1:22 0.0.0.0:* LISTEN 26472/sshd tcp 0 0 10.1.5.1:22 0.0.0.0:* LISTEN 26472/sshd
This is good if public SSHD IP address is not available due to configuration issues. You can always login via private IP connected to KVM or on board server IPMI card :)
You should follow me on twitter here or grab rss feed to keep track of new changes.
Featured Articles:
- 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
- Top 30 Nmap Command Examples For Sys/Network Admins
- 25 PHP Security Best Practices For Sys Admins
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- 20 Linux Server Hardening Security Tips
- Linux: 20 Iptables Examples For New SysAdmins
- Top 20 OpenSSH Server Best Security Practices
- Top 20 Nginx WebServer Best Security Practices
- 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
- 15 Greatest Open Source Terminal Applications Of 2012
- My 10 UNIX Command Line Mistakes
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- The Novice Guide To Buying A Linux Laptop
{ 5 comments… read them below or add one }
This is one of those things you never see listed anywhere. Thank you.
Thank you for the tip. I read the man-page and I was not sure, how I can use more IPs.
Hi,
Thanks for your tutorial.
I have a related question.
I have a cpanel server with multiple IPs. I created 6 websites and each had its own IP address and ssh access. When I ssh to one of these websites using its dedicated IP address as host, if I lynx to http://whatismyip.com, the IP I get back is that of the main server shared IP instead of the website dedicated IP.
How do I fix this so that the IP returned is that that of the website?
Thanks much
change your DNS A record. Replace shared ip by your dedicated ip
On ubuntu it’s:
/etc/init.d/ssh restart