Differences

This shows you the differences between two versions of the page.

--- linux_wiki:network_services_overview_ssh [2016/10/06 21:20]
billdozor [Host Based]
+++ linux_wiki:network_services_overview_ssh [2019/05/25 23:50] (current)
@@ Line 12: / Line 12: @@
   * Configure the service for basic operation
   * Configure host-based and user-based security for the service
+----
+====== Lab Setup ======
+The following virtual machines will be used:
+  * server1.example.com (192.168.1.150) -> The SSH client
+  * server2.example.com (192.168.1.151) -> The SSH server
 ----
@@ Line 65: / Line 73: @@
 firewall-cmd --permanent --add-port=2022/tcp
 firewall-cmd --reload
+</code>
+\\
+__**Connect on Non Standard Port**__
+From a client system
+<code bash>
+ssh user@server1 -p 2022
 </code>
@@ Line 107: / Line 123: @@
 ===== Host Based =====
-All are allowed by default.
+There are two methods to control access based on host:
+  * Firewall rich rule
+  * TCP Wrappers (hosts.allow, hosts.deny)
+\\
+==== Host Based: Firewall ====
+Create a rich rule<code bash>firewall-cmd --add-rich-rule='rule family="ipv4" service name="ssh" source address="192.168.1.152" log prefix="SSHD HOST DENIED: " reject'
+firewall-cmd --reload
+</code>
+  * Rejects ssh traffic from the source address 192.168.1.152 and logs the rejection.
+\\
+==== Host Based: TCP Wrappers ====
+The first match of the following actions is taken
+  * Matching entry in hosts.allow -> Host is allowed
+  * Matching entry in hosts.deny -> Host is denied
+  * No match of either -> Host is allowed
 \\
@@ Line 126: / Line 160: @@
 ===== User Based =====
+SSHD Main Config (**space separated user list**)
+<code bash>
+vim /etc/ssh/sshd_config
+AllowUsers yoda luke han
+DenyUsers vader stormtrooper
+</code>
 ----