Skip to main content

Allowing users to have ssh access

Allowing users to have ssh access

Hi Readers,

It is one of the tasks we need to complete in order to allow users to log-in into your server without compromising your security. We are going to accomplish the following tasks,

1.) Allow the users for given domain only
2.) Must allow access to a given domain
3.) Block access for a specific domain.

These questions are asked in RedHat certification examination RHCE6

We are going to complete the above mention task using iptables

To give proper example we are taking 192.168.20.0/255.255.255.0 as our domain and 192.168.21.0/255.255.255.0 as other domain.

Assuming that your system is a fresh installation we can remove all rules previously applied.

# iptables -F 

The above mention command will flush all the previously applied rules.

Insert a rule in your input chain by below mention command,

# iptables -I INPUT -s <ip of your domain>/<subnet mask> -p <protocal tcp/udp> --dport <port> -j ACCEPT

# iptables -I INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT


Appending the rule in INPUT chain [Caution don't flush your iptables]

# iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT
 # iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p udp --dport 22 -j REJECT

Need to recall the same for UDP protocol. 


A must allow access for your domain :

 Here we are going to put an allow rule for our domain into INPUT chain. Needed to be used with I/A option as per requirement,

# iptables -A INPUT -s 192.168.20.0 -p tcp --dport 22 -j ACCEPT
 # iptables -A INPUT -s 192.168.20.0 -p udp --dport 22 -j ACCEPT
A Specific domain should not have any ssh access:

 # iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p tcp --dport 22 -j REJECT

 # iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p udp --dport 22 -j REJECT


Labels:

Comments

Post a Comment

Popular posts

Mysql Scripts in Linux Command Line Terminal

In MySQL user always tries to connect with the server via command line interface such as remote login like 'ssh' then they troubled themselves in using graphical interface and get the required output quickly. So they need to automate that task. In this Blog I am going to suggest you a way to do this ... First of all we need to know that a MySQL service is kept in /etc/init.d/mysqld and we need to invoke that in order to use mysql server and client. To do this use following command in terminal : service /etc/init.d/mysqld start or service mysqld start When mysql server is started make a directory like /home/anduril/shubham_Script and after entering into that directory use this command in your terminal. vi connect_string.sh It will create a file with the name connect_string.sh you can give any name you want. Press 'i' to edit and enter the following text : mysqlshow -u root -proot mysqladmin version -u root -proot mysqladmin variables -u root -proot mysqladmin ping -u roo...
Post a Comment
Read more

Change password of mysql users

Change MySQL user's password in bulk Sometimes we need to change the password of mysql users at bulk. Lets say your company has fired a group of peoples or dissolved a project. This requirement can be supplied as : We can achieve the same by changing the password field in mysql.user table. Password() is a predifined method in mysql which generates encrypted value of a certain string. host update mysql.user set password = PASSWORD("passwd") where host IN (<Comma separated list of HostName/IP>); user update mysql.user set password = PASSWORD("passwd") where user IN (<Comma separated list of ‘user’@’host’>);
Post a Comment
Read more

Using except command with bash

1.Use the interpreter for bash at first line . #!/bin/bash 2. Use variables as per requirement and pass it to except if needed. HOST="localhost" USER="chitti" PASS="123" CMD=$@ 3. Use expect script as required. XYZ=$(expect -c " spawn ssh $USER@$HOST expect \"password:\" send \"$PASS\r\" expect \"\\\\$\" send \"$CMD\r\" expect -re \"$USER.*\" send \"logout\" ") 4.Print the result of except using echo like echo "${XYZ}"
Post a Comment
Read more

Helm generic springboot templates

With the dramatically increasing demand for container orchestration specifically Kubernetes, demand to template K8S manifests(Json/Yaml) also came to light. To handle increasing manifests, new CRDs(Custom resource definition), etc… it became obvious that we need a package manager somewhat like yum, apt, etc… However, the nature of Kubernetes manifest is very different than what one used to have with Yum and Apt. These manifests required a lot of templates which is now supported by Helm, a tool written in GoLang with custom helm functions and pipelines. Neutral background on templating Templating has been a driver for configuration management for a long time. While it may seem trivial for users coming from Ansible, Chef, Puppet, Salt, etc…, it is not. Once one moves to Kubernetes, the very first realization is hard declarative approach that Kubernetes follows. It is difficult to make generic templating with declarative form since each application may have some unique feature and r...
Post a Comment
Read more

Enter your email address: