Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.misc > #36407

Re: Guaranteeing SSH access to specific clients

From Harold Johanssen <noemail@please.net>
Newsgroups comp.os.linux.misc
Subject Re: Guaranteeing SSH access to specific clients
Date 2022-12-09 01:20 +0000
Organization Aioe.org NNTP Server
Message-ID <tmu2hq$18b6$1@gioia.aioe.org> (permalink)
References <tmtf02$1ufi$1@gioia.aioe.org> <op.1wvne71ia3w0dxdave@hodgins.homeip.net>

Show all headers | View raw

On Thu, 08 Dec 2022 16:31:45 -0500, David W. Hodgins wrote:

> On Thu, 08 Dec 2022 14:47:14 -0500, Harold Johanssen
> <noemail@please.net> wrote:
> 
>> 	I don't know whether this is reasonable possible, but I thought
>> I'd ask anyway, just in case:
>>
>> 	Is it possible to guarantee SSH to a specific client, to the
>> exclusion of all other clients? In effect, all other connection would
>> be immediately rejected, even before the SSH protocol exchange gets
>> going. The following requirements must be met:
>>
>> 	- The SSH server must be listening on port 22.
>> 	- The target client may connect from different, arbitrary IP
>> addresses.
>>
>> 	This would be easily possible with tweaked SSH servers and
>> clients, but I am not sure it can be done with off-the-shelf ones.
> 
> Excluding all other clients would go against the fact that linux is a
> multi-user system, so it's not a standard feature.
> 
> killing the sshd server does not kill the working ssh connection(s), so
> you could have a script run on login via ssh that kills the sshd server,
> but you'd have to also figure out how to restart it after that
> connection ends (intentionally or not).
> 
> Why do you want to do this? There's probably a better way to lock things
> when needed.
> 
> Regards, Dave Hodgins

	You misunderstood what I wrote. What I meant is the following:

	I want to ssh into a specific system that I control, from 
wherever I am in the Internet. Any ssh connections from anybody else into 
that system, wherever they are coming from in the Internet, are 
automatically rejected - it is not that they are rejected when the wrong 
username and password are supplied; rather, their connection requests are 
rejected before the ssh protocol gets started. Can this be done, with the 
constraints that I specified?

	This would be networking-related question: in a nutshell, if the 
TCP connection on port 22 is coming from me then it is forwarded to the 
ssh daemon; otherwise, it is dropped immediately. The problem is, how 
would the TCP code in my server know that the connection is coming me 
from me, as opposed to anybody else?

Back to comp.os.linux.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-08 19:47 +0000
  Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 16:31 -0500
    Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 01:20 +0000
      Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 21:43 -0500
      Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients stepore <stepore@be.here.now> - 2022-12-08 19:34 -0800
      Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-09 04:42 +0100
        Re: Guaranteeing SSH access to specific clients "26C.Z969" <26C.Z969@noaada.net> - 2022-12-09 01:53 -0500
      Re: Guaranteeing SSH access to specific clients Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> - 2022-12-09 06:43 +0000
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:29 +0000
      Re: Guaranteeing SSH access to specific clients Allodoxaphobia <trepidation@example.net> - 2022-12-09 13:55 +0000
        Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-09 14:08 +0000
    Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-09 12:44 -0500
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:52 +0000
  Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-08 22:31 -0500
  Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-09 12:36 +0000
  Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:27 +0000
  Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 14:48 +0000
    Re: Guaranteeing SSH access to specific clients Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2022-12-09 17:42 +0200
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:36 +0000
        Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 19:35 +0000
          Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:53 +0000
            Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-10 13:58 +0000
            Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:08 +0000
              Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:15 +0000
            Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-10 19:25 -0500
              Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 00:53 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 10:37 +0100
                Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 12:50 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 20:55 +0100
                Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-12 09:35 +0000
                Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-13 08:36 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E. R." <robin_listas@es.invalid> - 2022-12-15 18:09 +0100
      Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 22:03 +0000
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:56 +0000
          Re: Guaranteeing SSH access to specific clients Ted Heise <theise@panix.com> - 2022-12-16 18:40 +0000

csiph-web