Wednesday, 26 June 2013

Configure Limit all SSH users to access from specific IP

Confiure Limit all SSH users to access from specific IP
1.       Step :
vi   /etc/security/access.conf  and make changes:

# This term will be evaluated by string matching.
# comment: It might be better to use network/netmask instead.
#          The same is or
#+ : root : 192.168.1. 125.15.62.   (required network)
+ : root : 192.168.1. 125.15.62.  
# User "root" should be able to have access from domain.
# Uses string matching also.
#+ : root :
# User "root" should be denied to get access from all other sources.
#- : root : ALL
- : root : ALL
# User "foo" and members of netgroup "nis_group" should be

2.  step open ssh pam file
vi /etc/pam.d/sshd
auth       required
auth       include      password-auth
account    required   ( add this line)
account    required
account    include      password-auth
password   include      password-auth
# close should be the first session rule
session    required close
session    required
# open should only be followed by sessions to be executed in the user context
session    required open env_params
session    optional force revoke
session    include      password-auth

#/etc/inid.d/sshd restart



No comments:

Post a Comment

Install XRDP in Centos 7

rpm -Uvh yum update yum groupinstall "GNOME Desktop" ...