Ping a Specific Port

Question

greg0ire

Asked: 2013-04-26 00:10:03 +0800 CST2013-04-26 00:10:03 +0800 CST 2013-04-26 00:10:03 +0800 CST

ssh: allow all users for one IP, and restrict to one user for public IP

772

I have a server on a VPN. This server has a public address and has a gitlab instance on it. I'd like to be able to connect with any ssh user from the VPN address, but restrict the access to the git user from the public address.

How can I achieve both things at the same time?

I'm already restricting access like this:

# Listen on localhost
ListenAddress 127.0.0.1
# Listen on public address
ListenAddress 1.2.3.4
# Listen on the VPN address
ListenAddress 5.6.7.8

I'm on an Ubuntu server system, using openssh version 1:5.9p1-5ubuntu1

2 Answers

Voted

Iain · Answer 1 · 2013-04-26T00:36:49+08:00

Iain

2013-04-26T00:36:49+08:002013-04-26T00:36:49+08:00

You should be able to achieve this using Match blocks ( localAddress)with additional AllowUsers/DenyUsers filtering in your sshd_config file, like this (assuming 1.2.3.4 is your public address):

Match LocalAddress 1.2.3.4
    AllowUsers git

4

greg0ire · Answer 2 · 2013-04-26T04:59:42+08:00

greg0ire

2013-04-26T04:59:42+08:002013-04-26T04:59:42+08:00

I ended up using AllowUsers, without a match block, like this:

AllowUsers git root@somepattern root@someotherpattern

1

ssh: allow all users for one IP, and restrict to one user for public IP

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?