How to allow SSH traffic on one of the interface and restrict on other interfaces ?

Solution Unverified - Updated -

Environment

  • Red Hat Enterprise Linux 4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6

Issue

  • How to configure SSH service listen to requests only on certain interfaces ?
  • A server with multiple interfaces are configured to use different IP addresses. How to allow SSH traffic on one of the interface and restrict on other interfaces.
  • How to restrict SSH traffic only through a single interface(IP Address) ?

Resolution

  • By default sshd or SSH service listens request on all the interfaces.
$ grep sshd netstat
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      0          12412      3522/sshd           off (0.00/0/0)
  • To configure sshd listen on a particular interface edit /etc/ssh/sshd_config and update IP address on which sshd should listen. sshd will only listen to the configured interface, requests on another interface will not be entertained.

$ vi /etc/ssh/sshd_config
ListenAddress <IP_address>
  • To configure sshd to listen on multiple interface, append list of IP address as below:
ListenAddress <IP_address>
ListenAddress <IP_address>
  • Also make sure sshd service is restarted after the changes are done in the configuration file.
service sshd restart

Root Cause

  • Bind IP address with sshd to listen on that particular interface.

Diagnostic Steps

  • Check binded interfaces for sshd on which it is listening.
$ grep sshd netstat

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.