SSH Root Access Login Control

Posted by Planet Malaysia on August 3, 2006

After read “OpenSSH Root user account restriction – revisited” article, I did a test on my testing server.

The pam_access PAM module is mainly for access management. It provides logdaemon style login access control based on login names, host or domain names, internet addresses or network numbers, or on terminal line names in case of non-networked logins.

By default rules for access management are taken from config file /etc/security/access.conf if you don’t specify another file.

Example: Grant root access for IP Address: 192.168.1.10 ONLY

1. vi /etc/pam.d/sshd and append
account    required     pam_access.so

2. vi /etc/security/access.conf and add as shown below
#Denied ALL
- : root : ALL
# ONLY allow IP 192.168.1.10
+ : root : 192.168.1.10.

Save both file and it’s worked! I can ssh root@planetmy.com from 192.168.1.10 but not other machine.

Note: as soon as you save changes to /etc/security/access.conf, they are applied by PAM configuration. So be careful when writing rules and please backup before do any changes on your file.

Check here for more understand about pam_access.

Possibly Related Posts:

• How to Install Webmin on OpenFiler
• lppasswd: Unable to open passwd file: Permission denied
• Missing /var/log/lastlog
• Telnet service_limit error
• How To Capture PUTTY Session Log

Comments

Planet Malaysia on Facebook

• Recent Posts

  • Android Development Training Program for Beginner (FREE)
  • MSC Malaysia Fully Sponsored 3D Animation Course
  • How to add Dell PERC Drivers into VMware Converter Cold Clone ISO
  • Top 10 Free Anti Virus
  • How to Install Webmin on OpenFiler
  • Samsung Galaxy Tab 2
  • Google Tablet ‘iPad’
  • Most Expensive Domain Names – Updated
  • Microsoft SQL 2008 Agent not starts
  • VMware Workstation 7 Serial Key

• Recent Comments

  • KH on Top 10 Free Anti Virus
  • cheok on SPAM Comment
  • Vo Hien on Prepaid Washing Machine & Dryer
  • pipo on How to download NDS game into R4 Revolution?
  • pipo on How to download NDS game into R4 Revolution?

• Archives

  Select Month December 2011 August 2011 July 2011 June 2011 April 2011 January 2011 December 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 December 2007 November 2007 October 2007 September 2007 August 2007 July 2007 June 2007 May 2007 April 2007 March 2007 February 2007 January 2007 December 2006 November 2006 October 2006 September 2006 August 2006 July 2006 June 2006 May 2006 April 2006 March 2006 February 2006

• Categories

  • Advertisement
  • Aggregates
  • amulets
  • Announcement
  • Blog
  • Blogroll
  • Contacts
  • Events
  • How's To
  • ISP
  • Make Money
  • Microsoft
  • News
  • Open Source
  • Personal
  • Politics
  • Poll
  • Religion
  • SEO
  • Soccer
  • Tips
  • Training
  • Uncategorized
  • VMware
  • Web 2.0
  • Windows