This is an old revision of the document!


SSH security

Limit by user

Allow only the users who need access to log in.

Mac: in “System Preferences/Sharing/Remote Login”, choose users in the “Allow access for:” box.

Limit by IP address

First, deny connections from all hosts in /etc/hosts.deny:

# /etc/hosts.deny
# deny from all
sshd: ALL

Second, list the allowed IP addresses in /etc/hosts.allow:

# /etc/hosts.allow
# allow intranet-ethernet IPs (192.168.1.*)
# allow intranet-wireless IPs (10.0.1.*)
# allow Academia Sinica IPs (140.109.*.*)
# allow National Taiwan University IPs (140.112.*.*)
sshd: 192.168.1., 10.0.1., 140.109., 140.112. : allow

Other IP ranges:

  • Hinet: 118.160.0.0 - 118.167.255.255, 118.168.0.0 - 118.171.255.255

Check log files

Mac:

more /var/log/secure.log

Ubuntu:

more /var/log/auth.log
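
The following is an added example, not part of the original page: it converts the Hinet ranges listed above into the net/mask form that hosts.allow accepts, and scans sshd log lines for accepted logins from addresses outside the allow list and for failed or refused attempts per source. The log lines, the user name "alice" and all function names are constructed for illustration; treating the Hinet ranges as allowed is an assumption.

```python
import ipaddress
import re
from collections import Counter

# Prefixes from the page's /etc/hosts.allow, written as CIDR networks.
ALLOWED = [ipaddress.ip_network(n) for n in
           ("192.168.1.0/24", "10.0.1.0/24", "140.109.0.0/16", "140.112.0.0/16")]

# Constructed sample log lines (not taken from a real host).
SAMPLE = [
    "Oct 21 09:01:12 host sshd[811]: Accepted password for alice from 192.168.1.23 port 50122 ssh2",
    "Oct 21 09:05:40 host sshd[902]: Failed password for invalid user admin from 203.0.113.9 port 4021 ssh2",
    "Oct 21 09:05:43 host sshd[902]: Failed password for root from 203.0.113.9 port 4021 ssh2",
    "Oct 21 09:07:02 host sshd[915]: refused connect from 198.51.100.4 (198.51.100.4)",
    "Oct 21 09:12:30 host sshd[950]: Accepted publickey for alice from 118.161.20.5 port 40110 ssh2",
]

def range_to_networks(first, last):
    """Collapse an inclusive first-last IPv4 range into CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def hosts_allow_pattern(net):
    """Render a network in the net/mask form accepted by hosts.allow."""
    return f"{net.network_address}/{net.netmask}"

def is_allowed(ip, networks=ALLOWED):
    return any(ipaddress.ip_address(ip) in n for n in networks)

# Successful logins, failed logins, and connections refused by hosts.deny.
EVENT = re.compile(
    r"sshd\[\d+\]: (?:(Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)"
    r"|refused connect from \S+ \((\S+)\))")

def review(lines, networks=ALLOWED):
    """Return (accepted logins from outside the allow list, failures per source)."""
    outside, failures = [], Counter()
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue
        if m.group(4):                      # refused by TCP wrappers
            failures[m.group(4)] += 1
        elif m.group(1) == "Failed":        # wrong password or unknown user
            failures[m.group(3)] += 1
        elif not is_allowed(m.group(3), networks):
            outside.append((m.group(2), m.group(3)))
    return outside, failures
```

To review a real host, pass the lines of /var/log/auth.log or /var/log/secure.log to review() in place of SAMPLE.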
computers/ssh_security.1319178404.txt.gz · Last modified: by chkuo