You are not logged in.
I have a small server that share files and get some users in. Im using ssh for this. i want to restrict the users to connecto to another server in LAN. So
can i remove the ssh-client ? i noticed they come bundled in one package openssh. Also i think there is some kind of dependency, i mean the server depends somewhat on the client, so i was going to issue :
rm /usr/bin/ssh but i gave it a second thought and did:
chmod 700 /usr/bin/ssh to prevent any user other than root to use ssh. But it would be more secure to remove ssh completely in case anyone gains root access. o well i suppose that supposed atacker can isntall ssh back. Anyways maybe it makes sense to remove it. Does it?? Any other thoughts on security over ssh??
Last edited by hydrosIII (2014-06-22 03:13:38)
Offline
If you want to restrict which users can log in to a particular server then on that server you configure their user names in the "AllowUsers" list in /etc/ssh/sshd_config (and then restart sshd).
Offline
Set your firewall to block outgoing ssh traffic.
Offline
bulletmark im trying to restrict already connected users to connect from the server. As the permissions of the LAN is that is a safe zone and envery coomputer accepts ssh from internal LAN, not from external.
Firewall blocking ssh outbound?? i think taht wopul be the solution. but now user can't run ssh anyway. just root. It may add some extra security.
Offline