Hi,
From: Carl A. Schreiber [mailto:gooly@gmx.at]
Sent: Thursday, 23 September 2004 10:55
To: suse-security@suse.com
Subject: Re: [suse-security] SSH password attacks
Hello,
A question about a (SuSE)Firewall-Login:
Is there a possibility (most probably) to restrict the ssh-access (user and root) to the firewall to certain (local) networks like 10.10.10.*?
Yes, you can filter ssh (port 22) by ipchains (SuSE-Firewall: FW_SERVICES_INT="ssh" and remove it from FW_SERVICES_EXT).
Am I on the right way that I must change /etc/ssh/sshd_config?
Here I should change #ListenAddress 0.0.0.0 to ListenAddress 10.10.10.0 (with this only from the 10.10.10.0 net a user can login, root login is denied anyway)
The ListenAddress is the binding address of the daemon. It binds to the adapter with the given address and port - so if you use your internal address like 10.10.10.254 or whatever it only listens to ssh requests for this address. To allow requests only from certain subnets have a look at hosts.allow and hosts.deny. But it should suffice to use a firewall and bind sshd to local addresses only.
But _only_ this? For me there is no need to protect from 'inside' as it is only me.
Thanks in advance, Carl
You're welcome, Stefan
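
The distinction drawn in the reply above (ListenAddress selects the local address sshd binds to, while restricting client networks is a separate source check such as hosts.allow) is illustrated by the following added example, which is not part of the original e-mail. The sample sshd_config text, the interface addresses and the client addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the edit proposed in the question and the bind address from the reply.
SAMPLE_SSHD_CONFIG = """\
#ListenAddress 0.0.0.0
ListenAddress 10.10.10.0
ListenAddress 10.10.10.254
"""
# Assumed addresses configured on the firewall's interfaces (constructed).
INTERFACES = ["10.10.10.254/24", "192.0.2.17/24"]


def listen_addresses(config_text):
    """Active ListenAddress values; commented-out lines are ignored."""
    values = []
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0].lower() == "listenaddress":
            values.append(fields[1])
    return values


def classify_bind(value, interfaces):
    """Classify one IPv4 ListenAddress value against the host's own addresses."""
    addr = ipaddress.ip_address(value)
    if addr.is_unspecified:
        return "wildcard: listens on every interface"
    own = {ipaddress.ip_interface(i).ip for i in interfaces}
    if addr in own:
        return "local: listens on this interface address only"
    return "not-local: no interface has this address"


def source_allowed(client, allowed_net):
    """Source check in the style of a hosts.allow entry 'sshd: 10.10.10.'."""
    return ipaddress.ip_address(client) in ipaddress.ip_network(allowed_net)


def audit(config_text=SAMPLE_SSHD_CONFIG, interfaces=INTERFACES):
    """Map each active ListenAddress to its classification."""
    values = listen_addresses(config_text) or ["0.0.0.0"]  # unset: sshd listens on all addresses
    return {v: classify_bind(v, interfaces) for v in values}


if __name__ == "__main__":
    for value, verdict in audit().items():
        print(f"ListenAddress {value}: {verdict}")
    for client in ("10.10.10.23", "192.0.2.50"):
        print(client, "allowed" if source_allowed(client, "10.10.10.0/24") else "denied")
```

The network address 10.10.10.0 is flagged because it is not an address of the host itself, whereas 10.10.10.254 is; the source check is what actually distinguishes a client in 10.10.10.0/24 from one outside it.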