Intro:
This is a simple way to permit a select few IP addresses to access your Raspberry Pi through SSH and deny any others. By whitelisting certain IP addresses from networks you know, you add a layer of security that helps prevent others from accessing your machine. This is handy if you only access your machine from a few set locations, such as on the LAN and at work.
There are a few ways you could go about doing this, but I find this the easiest to implement, allowing you to accomplish basic permit and deny without iptables.
The two files that need to be edited are /etc/hosts.allow and /etc/hosts.deny.
Step 1)
Enter:
sudo nano /etc/hosts.allow
The file should be empty. At this point, just add the IP addresses or subnets that you want to permit, for example:
sshd: 10.0.0.0/255.255.255.0
sshd: 192.168.0.0/255.255.255.0
TIP: For specific IP addresses, just enter the address without the subnet.
Step 2)
Enter:
sudo nano /etc/hosts.deny
By entering the following you will deny all other addresses which were not explicitly defined before (everyone else).
sshd: ALL
Conclusion:
Now only the IP addresses or subnets you defined will be able to get SSH access to your SSH server; others will not be able to connect.
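The lookup order behind the two files, as an added example that is not part of the original post: TCP wrappers checks hosts.allow first, then hosts.deny, and grants access when neither file matches, which is why Step 2 is needed. This simplified Python model covers only the IPv4 forms used above (net/mask, a single address, ALL); the sample file contents and function names are constructed for illustration, and it assumes an sshd built with TCP wrappers support.

```python
import ipaddress

# Constructed sample contents mirroring the two files edited in the steps above.
HOSTS_ALLOW = "sshd: 10.0.0.0/255.255.255.0\nsshd: 192.168.0.0/255.255.255.0\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Yield (daemon_list, client_list) from 'daemons : clients' lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def client_matches(pattern, ip):
    """Match one client pattern against an IPv4Address."""
    if pattern == "ALL":
        return True
    try:
        if "/" in pattern:  # net/mask: matches when (address AND mask) == net
            net, mask = (int(ipaddress.IPv4Address(p)) for p in pattern.split("/", 1))
            return int(ip) & mask == net
        return ip == ipaddress.IPv4Address(pattern)  # single address
    except ipaddress.AddressValueError:
        return False  # hostnames and other pattern forms are not modelled here

def file_matches(text, daemon, ip):
    """True if any rule in the file names the daemon and matches the client."""
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in parse_rules(text)
    )

def access_granted(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    ip = ipaddress.IPv4Address(client)
    if file_matches(allow, daemon, ip):
        return True   # matched in hosts.allow: granted, hosts.deny is not consulted
    if file_matches(deny, daemon, ip):
        return False  # matched in hosts.deny: refused
    return True       # matched in neither file: granted by default

if __name__ == "__main__":
    for addr in ("10.0.0.42", "192.168.0.7", "10.0.1.5", "203.0.113.9"):
        print(addr, "allowed" if access_granted("sshd", addr) else "denied")
    # Without the Step 2 entry, an unlisted address is still let through.
    print("no deny rule:", access_granted("sshd", "203.0.113.9", deny=""))
```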