Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Restricting SSH usage
Top Forums UNIX for Dummies Questions & Answers Restricting SSH usage Post 302269347 by mojoman on Wednesday 17th of December 2008 12:41:23 PM
Old 12-17-2008
Restricting SSH usage
Hello,

For one of our servers, we have had people trying to illegally loggon using the ssh service.
My manager has asked me to restrict ssh access to users in our internal network but close ssh access to the "outside" world.

Could someone at the very least point me to some resources on the net which could be of some use to me? There is no point asking for someone to answer such a grandiose question but getting pointed in the right direction would be appreciated.

Thanks,
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Enabling backspace usage in Putty SSH connection ?

I have started a new job for 2 weeks not. I am distributing software packages through Tivoli and connecting to the servers using Putty in X11 and SSH. But on the command line, the backspace is disabled. I know its a command I have to enter in my .profile but I don't remember. There is a Ctrl+H... (2 Replies)
Discussion started by: Browser_ice
2 Replies

2. Shell Programming and Scripting

SSH usage in a script

I have configured ssh to a remote server without prompting for a password with the help of public keys...but now i am not able to execute any commands through a script what i want is a one line script which takes me directly into /var directory after executing it...searched the entire forum but... (2 Replies)
Discussion started by: roshanjain2
2 Replies

3. HP-UX

how can I find cpu usage memory usage swap usage and logical volume usage

how can I find cpu usage memory usage swap usage and I want to know CPU usage above X% and contiue Y times and memory usage above X % and contiue Y times my final destination is monitor process logical volume usage above X % and number of Logical voluage above can I not to... (3 Replies)
Discussion started by: alert0919
3 Replies

4. AIX

How to monitor the IBM AIX server for I/O usage,memory usage,CPU usage,network..?

How to monitor the IBM AIX server for I/O usage, memory usage, CPU usage, network usage, storage usage? (3 Replies)
Discussion started by: laknar
3 Replies

5. Shell Programming and Scripting

SSH Usage

Hi, When i am using SSH, trying to automate some process, it seems as I am loosing environment settings that belongs to proper running of jboss server. On Server (X) a User (A) is trying to run a jboss server but the location of jboss is on the same server (X) but on different user (B) . The... (1 Reply)
Discussion started by: nimrodt
1 Replies

6. Shell Programming and Scripting

SSH and It's usage

Hi , I was going through a script and I saw following commands :-- OPTS="-e /usr/local/bin/ssh -ralpgHSvuz --stats --rsync-path=/usr/local/bin/rsync" OPTS="-e /usr/local/bin/ssh -vrlopgt --stats --rsync-path=/usr/local/bin/rsync" Can someone please explain the meaning of words... (4 Replies)
Discussion started by: Abhayman
4 Replies

7. AIX

restricting sftp and ssh for a user

I want to know if there is any way to set up a users home directory access with a restricted shell and allow them to SFTP to the directory. I want to allow the user to SSH into their home directory but no where else on the AIX server. I also want the user to be able to SFTP files to their home... (1 Reply)
Discussion started by: daveisme
1 Replies

8. Shell Programming and Scripting

Need help on ssh usage in a loop of shell script

I need help on how to connect remote systems through ssh command in while loop of shell script. I was able to connect one remote system using ssh from shell script. Please find sample code snippet as given below….. ssh "root@148.147.179.100" ARG1=$rpmFileName 'bash -s' <<'ENDSSH' ... (5 Replies)
Discussion started by: rajesh.tulluri
5 Replies

9. UNIX for Dummies Questions & Answers

Restricting Usage of Setuid Programs to the Admin User In MacOsx

This is a quote from the Apple security configuration (you can download it from Apple) " Using ACLs to Restrict Usage of Setuid Programs The ACL feature of Mac OS X can also be used to restrict the execution of setuid programs. Restricting the execution of setuid programs to administrators... (3 Replies)
Discussion started by: Vera
3 Replies

10. Red Hat

Xinetd flags and tcp46 socket usage to telnet / ssh via v4 and v6 addresses

Hello everyone.. I need some help in understanding the usage of tcp46 socket and xinetd.d flags.. What I'm trying to do? I'm looking to use tenet via tcp46 socket for both ipv4 and ipv6 traffic. For this, if i set flags = IPV6 xinetd.d, telnet service, i can not telnet via V4. If I unset the... (0 Replies)
Discussion started by: Sudharshan
0 Replies

LEARN ABOUT HPUX

ssh-keysign

ssh-keysign(1M)                                                                                                                    ssh-keysign(1M)

NAME

       ssh-keysign - ssh helper program for host-based authentication

SYNOPSIS

       ssh-keysign

       ssh-keysign  is  used  by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
       with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the  name  of  the
       client user.

       ssh-keysign  is  disabled  by  default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
       basedAuthentication to yes.

       ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based  authen-
       tication.

       /etc/ssh/ssh_config

           Controls whether ssh-keysign is enabled.

       /etc/ssh/ssh_host_dsa_key
       /etc/ssh/ssh_host_rsa_key

           These  files  contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
           only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must  be  set-uid  root  if  host-based
           authentication is used.

       ssh-keysign will not sign host-based authentication data under the following conditions:

         o  If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
            den in users' ~/.ssh/ssh_config files.

         o  If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of  the  client  where  ssh-keysign  is
            invoked and the name of the user invoking ssh-keysign.

       In  spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
       as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWsshu                     |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

       ssh(1), sshd(1M), ssh_config(4), attributes(5)

AUTHORS

       Markus Friedl, markus@openbsd.org

HISTORY

       ssh-keysign first appeared in Ox 3.2.

                                                                    9 Jun 2004                                                     ssh-keysign(1M)
All times are GMT -4. The time now is 10:12 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy