Allowing users to have SSH access
Hi Readers,
This is one of the tasks we need to complete in order to allow users to log in to your server without compromising its security. We are going to accomplish the following tasks:
1.) Allow SSH access only from a given domain
2.) Explicitly allow SSH access from a given domain
3.) Block SSH access from a specific domain
These questions are asked in the Red Hat certification exam RHCE6.
We are going to complete the above-mentioned tasks using iptables.
To give a proper example we take 192.168.20.0/255.255.255.0 as our domain and 192.168.21.0/255.255.255.0 as the other domain.
Assuming that your system is a fresh installation, we can remove all previously applied rules:
# iptables -F
The above command flushes all previously applied rules.
Insert a rule into your INPUT chain with the following command (the generic form first, then the concrete rule for our domain):
# iptables -I INPUT -s <ip of your domain>/<subnet mask> -p <protocol tcp/udp> --dport <port> -j ACCEPT
# iptables -I INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT
Appending the rule to the INPUT chain (caution: do not flush your iptables again at this point, or the rules you have already added are lost):
# iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j REJECT
# iptables -A INPUT ! -s 192.168.20.0/255.255.255.0 -p udp --dport 22 -j REJECT
Repeat the same rule for the UDP protocol.
A must-allow rule for your domain:
Here we add an ACCEPT rule for our domain to the INPUT chain. Use the -I or -A option as the requirement dictates:
# iptables -A INPUT -s 192.168.20.0/255.255.255.0 -p tcp --dport 22 -j ACCEPT
# iptables -A INPUT -s 192.168.20.0/255.255.255.0 -p udp --dport 22 -j ACCEPT
A specific domain should not have any SSH access:
# iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p tcp --dport 22 -j REJECT
# iptables -A INPUT -s 192.168.25.0/255.255.255.0 -p udp --dport 22 -j REJECT
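The three tasks above together form one ruleset, and the thing worth checking before typing it on an exam box (or a production one) is which verdict a given client address actually gets. The script below is an added example, not code from the original post: it builds the TCP rules for the networks assumed above (192.168.20.0/24 as our domain, 192.168.25.0/24 as the domain to block), and it evaluates a sample source address against them using the same first-match semantics iptables applies, so the ruleset can be reviewed in a dry run before it is applied as root. The variable and function names (TRUSTED_NET, BLOCKED_NET, ssh_rules, ssh_verdict, in_net) are this example's own. SSH runs over TCP only, so no UDP rules are emitted; add the UDP twins as in the post if the task wording demands them.

```shell
#!/bin/sh
# Added example, not part of the original post. Builds the three SSH rules the
# post describes (block one network, allow the trusted one, reject everyone
# else) and evaluates what verdict a given source address would get under
# iptables' first-match semantics, so the ruleset can be reviewed before it is
# applied as root. Networks are the post's assumed ones; variable and function
# names are this example's own. SSH is TCP only, so no UDP rules are emitted.

TRUSTED_NET="${TRUSTED_NET:-192.168.20.0/255.255.255.0}"   # our domain
BLOCKED_NET="${BLOCKED_NET:-192.168.25.0/255.255.255.0}"   # domain to reject
SSH_PORT="${SSH_PORT:-22}"

# Dotted-quad address -> 32-bit integer, using only parameter expansion.
ip2int() {
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# Netmask in either dotted form (255.255.255.0) or prefix length (24) -> integer.
mask2int() {
    case $1 in
        *.*) ip2int "$1" ;;
        *)   echo $(( (4294967295 << (32 - $1)) & 4294967295 )) ;;
    esac
}

# in_net <ip> <network>/<mask>: succeeds when <ip> lies inside the network.
in_net() {
    net=${2%/*}; m=$(mask2int "${2#*/}")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$net") & m )) ]
}

# ssh_rules <trusted-net> <blocked-net> <port>: print the commands in the order
# they are appended. The three source sets are disjoint, so their order is not
# security-critical here; the explicit REJECT is listed first so that it stays
# visible even if a broader ACCEPT is added later.
ssh_rules() {
    printf 'iptables -A INPUT -s %s -p tcp --dport %s -j REJECT\n'   "$2" "$3"
    printf 'iptables -A INPUT -s %s -p tcp --dport %s -j ACCEPT\n'   "$1" "$3"
    printf 'iptables -A INPUT ! -s %s -p tcp --dport %s -j REJECT\n' "$1" "$3"
}

# ssh_verdict <src-ip> <rules-text>: verdict of the first matching rule,
# honouring the "!" negation; no match falls through to the chain policy,
# which the post's approach assumes to be ACCEPT.
ssh_verdict() {
    v=$(printf '%s\n' "$2" | while read -r line; do
        case $line in *' ! -s '*) neg=1 ;; *) neg=0 ;; esac
        net=${line#*-s }; net=${net%% *}
        verdict=${line##* -j }
        if in_net "$1" "$net"; then hit=$((1 - neg)); else hit=$neg; fi
        if [ "$hit" -eq 1 ]; then echo "$verdict"; exit 0; fi
    done)
    echo "${v:-ACCEPT}"
}

case "${1:-}" in
    --apply)   # as root; on RHEL 6 persist afterwards with: service iptables save
        ssh_rules "$TRUSTED_NET" "$BLOCKED_NET" "$SSH_PORT" | sh -e ;;
    *)         # dry run: show the rules and the verdict for a few sample sources
        rules=$(ssh_rules "$TRUSTED_NET" "$BLOCKED_NET" "$SSH_PORT")
        printf '%s\n' "$rules"
        for src in 192.168.20.7 192.168.25.7 192.168.21.9 10.0.0.1; do
            printf '%-15s -> %s\n' "$src" "$(ssh_verdict "$src" "$rules")"
        done ;;
esac
```

Run it without arguments to see the rules and the verdict for each sample address (192.168.20.7 is accepted, the other three are rejected); run it as root with --apply to feed the rules to the shell. Rules added with iptables live only in kernel memory, so on RHEL 6 follow up with service iptables save, or they are gone after a reboot.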