Confiure Limit all
SSH users to access from specific IP
1. Step : vi /etc/security/access.conf and make changes:
# This term will be evaluated by string matching.
# comment: It might be better to use network/netmask
instead.# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
#+ : root : 192.168.1. 10.201.5.0. 125.15.62. (required network)
to
+ : root : 192.168.1. 10.201.5.0. 125.15.62.
#
# User "root" should be able to have access from domain.
# Uses string matching also.
#+ : root : .foo.bar.org
#
# User "root" should be denied to get access from all other sources.
#- : root : ALL
to
- : root : ALL
#
# User "foo" and members of netgroup "nis_group" should be
2. step open ssh pam file
vi /etc/pam.d/sshdauth required pam_sepermit.so
auth include password-auth
account required pam_access.so ( add this line)
account required pam_nologin.so
account include password-auth
password include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include password-auth
#/etc/inid.d/sshd restart
No comments:
Post a Comment