Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.os.linux.misc > #36426

Re: Guaranteeing SSH access to specific clients

From Allodoxaphobia <trepidation@example.net>
Newsgroups comp.os.linux.misc
Subject Re: Guaranteeing SSH access to specific clients
Date 2022-12-09 13:55 +0000
Message-ID <slrntp6fi4.jv5.trepidation@vps.jonz.net> (permalink)
References <tmtf02$1ufi$1@gioia.aioe.org> <op.1wvne71ia3w0dxdave@hodgins.homeip.net> <tmu2hq$18b6$1@gioia.aioe.org>

Show all headers | View raw

On Fri, 9 Dec 2022 01:20:58 -0000 (UTC), Harold Johanssen wrote:
> On Thu, 08 Dec 2022 16:31:45 -0500, David W. Hodgins wrote:
>> On Thu, 08 Dec 2022 14:47:14 -0500, Harold Johanssen
>> <noemail@please.net> wrote:
>> 
>>> 	I don't know whether this is reasonable possible, but I thought
>>> I'd ask anyway, just in case:
>>>
>>> 	Is it possible to guarantee SSH to a specific client, to the
>>> exclusion of all other clients? In effect, all other connection would
>>> be immediately rejected, even before the SSH protocol exchange gets
>>> going. The following requirements must be met:
>>>
>>> 	- The SSH server must be listening on port 22.
>>> 	- The target client may connect from different, arbitrary IP
>>> addresses.
>>>
>>> 	This would be easily possible with tweaked SSH servers and
>>> clients, but I am not sure it can be done with off-the-shelf ones.
>> 
>> Excluding all other clients would go against the fact that linux is a
>> multi-user system, so it's not a standard feature.
>> 
>> killing the sshd server does not kill the working ssh connection(s), so
>> you could have a script run on login via ssh that kills the sshd server,
>> but you'd have to also figure out how to restart it after that
>> connection ends (intentionally or not).
>> 
>> Why do you want to do this? There's probably a better way to lock things
>> when needed.
>> 
>> Regards, Dave Hodgins
>
> 	You misunderstood what I wrote. What I meant is the following:
>
> 	I want to ssh into a specific system that I control, from 
> wherever I am in the Internet. Any ssh connections from anybody else into 
> that system, wherever they are coming from in the Internet, are 
> automatically rejected - it is not that they are rejected when the wrong 
> username and password are supplied; rather, their connection requests are 
> rejected before the ssh protocol gets started. Can this be done, with the 
> constraints that I specified?

For crying out loud!  
Simply use public-private keys _only_ 
between the one client (you) and the ssh server.

Back to comp.os.linux.misc | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-08 19:47 +0000
  Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 16:31 -0500
    Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 01:20 +0000
      Re: Guaranteeing SSH access to specific clients "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2022-12-08 21:43 -0500
      Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients stepore <stepore@be.here.now> - 2022-12-08 19:34 -0800
      Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-09 04:42 +0100
        Re: Guaranteeing SSH access to specific clients "26C.Z969" <26C.Z969@noaada.net> - 2022-12-09 01:53 -0500
      Re: Guaranteeing SSH access to specific clients Henning Hucke <h_hucke+spam.news@newsmail.aeon.icebear.org> - 2022-12-09 06:43 +0000
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:29 +0000
      Re: Guaranteeing SSH access to specific clients Allodoxaphobia <trepidation@example.net> - 2022-12-09 13:55 +0000
        Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-09 14:08 +0000
    Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 03:34 +0000
      Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-09 12:44 -0500
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:52 +0000
  Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-08 22:31 -0500
  Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-09 12:36 +0000
  Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 13:27 +0000
  Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 14:48 +0000
    Re: Guaranteeing SSH access to specific clients Tauno Voipio <tauno.voipio@notused.fi.invalid> - 2022-12-09 17:42 +0200
      Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-09 17:36 +0000
        Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-09 19:35 +0000
          Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:53 +0000
            Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-10 13:58 +0000
            Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:08 +0000
              Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-10 14:15 +0000
            Re: Guaranteeing SSH access to specific clients Andreas Kohlbach <ank@spamfence.net> - 2022-12-10 19:25 -0500
              Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 00:53 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 10:37 +0100
                Re: Guaranteeing SSH access to specific clients Robert Heller <heller@deepsoft.com> - 2022-12-11 12:50 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E.R." <robin_listas@es.invalid> - 2022-12-11 20:55 +0100
                Re: Guaranteeing SSH access to specific clients Pancho <Pancho.Jones@proton.me> - 2022-12-12 09:35 +0000
                Re: Guaranteeing SSH access to specific clients Richard Kettlewell <invalid@invalid.invalid> - 2022-12-13 08:36 +0000
                Re: Guaranteeing SSH access to specific clients "Carlos E. R." <robin_listas@es.invalid> - 2022-12-15 18:09 +0100
      Re: Guaranteeing SSH access to specific clients Harold Johanssen <noemail@please.net> - 2022-12-09 22:03 +0000
        Re: Guaranteeing SSH access to specific clients The Natural Philosopher <tnp@invalid.invalid> - 2022-12-10 09:56 +0000
          Re: Guaranteeing SSH access to specific clients Ted Heise <theise@panix.com> - 2022-12-16 18:40 +0000

csiph-web