Dragon: Restricting SSH Access on a Dragon Appliance

Objective
Restricting command line access via SSH to all Dragon appliances (both the Intel and Dell platforms)
Environment
  • Dragon v7.x
  • Dragon v8.x
Procedure
The following procedure is performed on the Dragon appliance whose SSH access you wish to restrict:

  1. vi /etc/ssh/sshd_config
    • Change the ListenAddress variable from 0.0.0.0 to the external management IP address of the Dragon appliance.

  2. vi /etc/hosts.allow
    • Add the following lines, substituting x.x.x.x with the IP address you wish to allow access to SSH:

      sshd : x.x.x.x : allow
      sshd : ALL : deny

    • Note: You can use a wildcard for x.x.x.x. For example, to allow all IPs in the 172.26.153.x range, you could use (note the period after 153):

      sshd : 172.26.153. : allow
      sshd : ALL : deny

  3. vi /etc/hosts.deny
    • Add the line:

      sshd : ALL

    For example, if your Dragon appliance has the IP address of 172.26.53.90, and you wanted to only allow SSH access from machines in the 172.26.153.x network:

    1. ListenAddress ( /etc/ssh/sshd_config ) would be set to: 172.26.53.190
    2. /etc/hosts.allow would have entries of (note the period after 153):

      sshd : 172.26.153. : allow
      sshd : ALL : deny

    3. /etc/hosts.deny would have an entry of:

      sshd: ALL


    This would prevent all machines from SSHing to 172.26.53.190 except for 172.26.153. machines (like 172.26.153.175).

     
