How to allow SSH traffic on one of the interface and restrict on other interfaces ?
Environment
- Red Hat Enterprise Linux 4
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
Issue
- How to configure
SSHservice listen to requests only on certain interfaces ? - A server with multiple interfaces are configured to use different IP addresses. How to allow SSH traffic on one of the interface and restrict on other interfaces.
- How to restrict
SSHtraffic only through a single interface(IP Address) ?
Resolution
- By default
sshdorSSHservice listens request on all the interfaces.
$ grep sshd netstat
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 12412 3522/sshd off (0.00/0/0)
-
To configure
sshdlisten on a particular interface edit/etc/ssh/sshd_configand update IP address on whichsshdshould listen.sshdwill only listen to the configured interface, requests on another interface will not be entertained.
$ vi /etc/ssh/sshd_config
ListenAddress <IP_address>
- To configure sshd to listen on multiple interface, append list of IP address as below:
ListenAddress <IP_address>
ListenAddress <IP_address>
- Also make sure
sshdservice is restarted after the changes are done in the configuration file.
service sshd restart
Root Cause
- Bind IP address with
sshdto listen on that particular interface.
Diagnostic Steps
- Check binded interfaces for
sshdon which it is listening.
$ grep sshd netstat
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
