Carl A. Schreiber wrote:
Hello,
a question about a (SuSE)Firewall-Login:
Is there a possibility (most probably) to restrict the ssh-access (user and root) to the firewall to certain (local) networks like 10.10.10.*?
Am I on the right way that I must change /etc/ssh/sshd_config?
Here I should change #ListenAddress 0.0.0.0 to ListenAddress 10.10.10.0 (with this only from the 10.10.10.0 net a user can log in, root login is denied anyway).
But _only_ this? For me there is no need to protect from 'inside' as it is only me.
What exactly are you trying to accomplish? If you want to only allow SSH from the internal network, including root, use the following in sshd_config:

    ListenAddress 10.10.10.5    (or whatever the IP of the server is)
    PermitRootLogin yes

This will prevent anyone from connecting to ssh from the external network, and allow even root to log in from internal. In general, this is not desirable, but if it's what you want, that's how you do it.
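
An added example, not part of the thread: a small Python check that reads an sshd_config and reports ListenAddress values that are wildcards, lie outside the internal network, or are the network address rather than the server's own IP, plus PermitRootLogin yes. It assumes the internal network is 10.10.10.0/24; the function names and both sample configs are constructed for illustration.

```python
import ipaddress

# Constructed sample configs modelled on the two settings discussed in the thread.
QUESTION_CFG = "#ListenAddress 0.0.0.0\nListenAddress 10.10.10.0\n"
REPLY_CFG = "ListenAddress 10.10.10.5\nPermitRootLogin yes\n"

def parse_global(text):
    """Collect keyword -> [arguments] from the lines before any Match block."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without argument
        if parts[0].lower() == "match":
            break
        opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def listen_host(arg):
    """Drop the optional port or rdomain from a ListenAddress argument."""
    arg = arg.split()[0]
    if arg.startswith("["):        # [IPv6]:port
        return arg[1:].split("]")[0]
    return arg.rsplit(":", 1)[0] if arg.count(":") == 1 else arg

def audit(text, internal_net="10.10.10.0/24"):
    """Return findings for ListenAddress and PermitRootLogin (empty list: nothing flagged)."""
    net = ipaddress.ip_network(internal_net)  # assumed internal network
    opts = parse_global(text)
    findings = []
    if "listenaddress" not in opts:
        findings.append("no ListenAddress: sshd listens on all local addresses")
    for arg in opts.get("listenaddress", []):
        host = listen_host(arg)
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"{host}: hostname, resolve it and re-check")
            continue
        if ip.is_unspecified:
            findings.append(f"{host}: wildcard, listens on every interface")
        elif ip not in net:
            findings.append(f"{host}: outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            findings.append(f"{host}: network/broadcast address of {net}, not a host address")
    # sshd uses the first value it reads for a keyword.
    if opts.get("permitrootlogin", [""])[0].lower() == "yes":
        findings.append("PermitRootLogin yes: root login allowed")
    return findings
```

Calling `audit(QUESTION_CFG)` and `audit(REPLY_CFG)` shows the difference between the two settings; pass the contents of a real sshd_config and your own `internal_net` to check a host.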