One very effective way that I have found to do this is to use the 'hosts.allow' file located at /etc/hosts.allow Openssh uses this to restrict or allow access to the server from IP, host names, etc. Keep in mind that using this method can restrict access to the server using ANY method. To retrict only SSH you must them also ALLOW all other system methods. For instance, to block access to the server from any IP except 216.12.214.217, but allow all IP's to access the server using ftp, use this syntax: ------------------------------- ALL : 216.12.214.217 : ALLOW vsftpd : ALL ALL : ALL : DENY -------------------------------- basically, this says, allow 216.12.214.217 access of any kind. Allow anyone to access using VSFTP. Deny all others. One other important note: hosts.allow only blocks or allows access to system services such as SSH, FTP, HTTPD, etc. This will not restrict access to a non-standard service such as a game server or chat software running on port 10000. Luke >>> >>>i have a redhat enterprise 3 linux box, how can i configure SSH >>> demon >>>only to allow SSH connections only form selected IP's ? >>> >>>i have 3 IP rangers that i need to allow, how can i do this ? >>> >>>thanks a lot >>>Kev >> >>> >>Use your firewall rules. Something like: >> >>iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -s >>192.168.0.0/24 --dport 22 -j ACCEPT >>iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -d >>192.168.0.0/24 --sport 22 -j ACCEPT >> >>Where 192.168.0.0/24 is the range you are allowing. > > anyway i can do this with the SSH config ? > > i can use the iptabel rules for 2-3 IP rangers ? > > ------- > Web Hosting at a cheap price, starting at $1 per month with your own domain, .COM, .NET, .LK, .ORG etc.. > PHP, CGI, Perl, MySQL, Cpanel 9, POP3, POP3s, SMTP, IMAP, FTP, > http://www.orbitsl.net > > - > : send the line "unsubscribe > linux-admin" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > - : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
