Restrict SSH Access

Support for security such as firewalls and securing Linux
johnnyblaze
Posts: 1
Joined: 2018/06/05 18:59:04

Restrict SSH Access

Post by johnnyblaze » 2018/06/05 19:25:52

Hello Everyone,

I appreciate any and all input of information. This is my dilemma:

I am not sure if this is possible, but I want to restrict ssh access in a way that a user can log in via ssh but I do not want them to be able to ssh from that machine to anywhere else.

For example:

User is on his home laptop --> ssh into workstation with AD credentials (I already restricted this with winbind) --> Now the user is in his workstation but he can now ssh to any other computer on the network.

I do not want them to "hop" to any other machine once they are logged into their workstation.

Once again thank you in advance for any tips.

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: Restrict SSH Access

Post by tunk » 2018/06/06 09:56:08

Close the firewall for outgoing ssh.
Remove execute bit for /usr/bin/ssh "other". Don't know if this is good practice.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: Restrict SSH Access

Post by MartinR » 2018/06/06 13:05:48

The latter will not stop

$ sh /usr/bin/ssh

from working.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Restrict SSH Access

Post by TrevorH » 2018/06/06 14:16:10

It's possible to yum remove openssh-clients, but that would stop anyone on there from running ssh/sftp/scp/slogin and ssh-{add,agent,copy-id,keyscan}, but that may be an acceptable solution.
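As an added example, not part of any post in this thread: one way to apply the "close the firewall for outgoing ssh" suggestion per user with the iptables owner match, assuming remote SSH servers listen on TCP port 22. The function name, chain name and UIDs are illustrative, and the function only prints the rules so they can be reviewed before use.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands; applies nothing.
# Assumptions: iptables with the "owner" and "conntrack" matches is available,
# and the SSH servers users could hop to listen on TCP port 22.

# ssh_egress_rules [allowed_uid ...]
# Emits rules that reject NEW outbound connections to TCP/22 made by local
# processes, except processes owned by one of the listed numeric UIDs.
# Inbound sessions to this machine's own sshd are unaffected: their reply
# packets have source port 22 (not destination port 22) and are not NEW.
ssh_egress_rules() {
    chain=SSH_EGRESS   # illustrative chain name

    # Validate every UID before emitting anything, so a typo cannot
    # produce a half-built rule set when the output is piped to a shell.
    for uid in "$@"; do
        case "$uid" in
            ''|*[!0-9]*) echo "invalid uid: $uid" >&2; return 1 ;;
        esac
    done

    echo "iptables -N $chain"
    for uid in "$@"; do
        # Allowed accounts fall back to the rest of the OUTPUT chain.
        echo "iptables -A $chain -m owner --uid-owner $uid -j RETURN"
    done
    # Everyone else gets an immediate refusal instead of a timeout.
    echo "iptables -A $chain -j REJECT"
    # Hook the chain in last, so the filter is complete before it is live.
    echo "iptables -I OUTPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j $chain"
}

# Usage: review the output of "ssh_egress_rules 0" (root only may ssh out),
# then, as root, apply it with: ssh_egress_rules 0 | sh
```

This only covers destination port 22, so an SSH server listening on another port is still reachable, and the rules last only until the next reboot or firewall reload unless they are saved.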