Allowing users to have ssh access

Hi Readers,

This is one of the tasks we need to complete in order to allow users to log in to your server without compromising your security. We are going to accomplish the following tasks,

1.) Allow access only for users from a given domain
2.) Make sure a given domain is always allowed access
3.) Block access for a specific domain.

These questions are asked in the Red Hat certification examination RHCE6.

We are going to complete the above-mentioned tasks using iptables.

To give a proper example we are taking 192.168.20.0/255.255.255.0 as our domain and 192.168.21.0/255.255.255.0 as the other domain.

Assuming that your system is a fresh installation, we can remove all previously applied rules.

# iptables -F 

The above-mentioned command will flush all the previously applied rules.

Insert a rule in your INPUT chain with the command below,

# iptables -I INPUT -s <ip of your domain>/<subnet mask> -p <protocol tcp/udp> --dport <port> -j ACCEPT

# iptables -I INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT


Appending the rule to the INPUT chain [Caution: don't flush your iptables]

# iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT
# iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p udp --dport 22 -j REJECT

The same rule needs to be repeated for the UDP protocol.


A must-allow access for your domain:

Here we are going to put an allow rule for our domain into the INPUT chain. It needs to be used with the -I or -A option as per requirement,

# iptables -A INPUT -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -s 192.168.20.0/255.255.255.0 -p udp --dport 22 -j ACCEPT

A specific domain should not have any ssh access:

# iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p tcp --dport 22 -j REJECT
# iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p udp --dport 22 -j REJECT
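The three tasks above are usually applied one command at a time, which makes it easy to get the rule order wrong or to drop the subnet mask (an address given without a mask matches a single host, not the whole domain). The script below is an added example, not part of the original post: it collects the rules for all three tasks into one reviewable list, in the order a first-match chain needs them, checks that every network is written in the dotted address/mask form used in this post, and only runs iptables when asked to and when running as root. The variable names ALLOW_NET and DENY_NET and the function names are assumptions of this example; the addresses are the post's sample networks. The example covers TCP only, since SSH runs over TCP.

```shell
#!/bin/sh
# Added example (not from the original post): build the ssh access rule set
# as a list of iptables commands that can be reviewed before being applied.
# ALLOW_NET / DENY_NET are assumed names; the addresses are the post's samples.
ALLOW_NET="192.168.20.0/255.255.255.0"   # our domain: allowed to ssh in
DENY_NET="192.168.25.0/255.255.255.0"    # specific domain: never allowed in
SSH_PORT=22

# Accept only the address/mask form with four octets on each side, so a
# forgotten mask (e.g. "192.168.20.0", which matches one host) is caught
# here instead of silently narrowing the rule on the server.
valid_net() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*) return 1 ;;
    esac
    octets=$(printf '%s' "$1" | tr './' '  ' | wc -w | tr -d ' ')
    [ "$octets" -eq 8 ]
}

# Print the rules in the order they must be appended. The INPUT chain is
# evaluated top to bottom and the first match wins, so:
#   1. reject the blocked domain explicitly
#   2. accept our own domain
#   3. reject every other source (! -s) so only our domain can reach sshd
ssh_ruleset() {
    valid_net "$ALLOW_NET" && valid_net "$DENY_NET" || {
        echo "network must be written as a.b.c.d/m.m.m.m" >&2
        return 1
    }
    printf '%s\n' \
      "iptables -A INPUT -s $DENY_NET -p tcp --dport $SSH_PORT -j REJECT" \
      "iptables -A INPUT -s $ALLOW_NET -p tcp --dport $SSH_PORT -j ACCEPT" \
      "iptables -A INPUT ! -s $ALLOW_NET -p tcp --dport $SSH_PORT -j REJECT"
}

# Number of rules the set contains; handy for a quick sanity check.
ssh_rule_count() {
    ssh_ruleset | wc -l | tr -d ' '
}

# Run the generated commands, then list the chain with line numbers so the
# resulting order can be confirmed. Refuses to run without root.
apply_ruleset() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root to apply the rules" >&2; return 1; }
    ssh_ruleset | while IFS= read -r cmd; do
        $cmd   # word splitting is intended: each line is one iptables command
    done
    iptables -L INPUT -n --line-numbers
}

case "${1:-}" in
    --apply) apply_ruleset ;;
    *)       ssh_ruleset ;;   # default: just show the rules for review
esac
```

Run it without arguments to review the rules, then with --apply as root to install them; on RHEL 6 the rules are persisted across reboots with `service iptables save`. If you prefer the `-I` form used earlier in the post, remember that each `-I` places its rule at the top, so the commands must be issued in the reverse of the order printed here.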

