How to allow SSH traffic on one of the interface and restrict on other interfaces ?
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
Issue
- How to configure
sshdservice listen to requests only on certain interfaces ? - A server with multiple interfaces are configured to use different IP addresses. How to allow SSH traffic on one of the interface and restrict on other interfaces.
- How to restrict
SSHtraffic only through a single interface(IP Address) ?
Resolution
- By default
sshdorSSHservice listens request on all the interfaces.
$ grep sshd netstat
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 12412 3522/sshd off (0.00/0/0)
-
To configure
sshdlisten on a particular interface edit/etc/ssh/sshd_configand update IP address on whichsshdshould listen.sshdwill only listen to the configured interface, requests on another interface will not be entertained.
$ vi /etc/ssh/sshd_config
ListenAddress <IP_address>
- To configure sshd to listen on multiple interface, append list of IP address as below:
ListenAddress <IP_address1>
ListenAddress <IP_address2>
- Also make sure
sshdservice is restarted after the changes are done in the configuration file.
For Red Hat Enterprise Linux 6
service sshd restart
For Red Hat Enterprise Linux 7 and Later
systemctl restart sshd
Diagnostic Steps
- Check binded interfaces for
sshdon which it is listening.
[root@server-0 ~]# netstat -ntlup | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 29342/sshd
tcp6 0 0 :::22 :::* LISTEN 29342/sshd
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments