ssh connection allowed only to a specific remote user

In my office I set up my PC as an ssh server, that is, I opened the port TCP 22 in the firewall and had sshd running.
Just that I get tons of attack attempts a day. I have super-strong passwords so none of those attacks was successful so far, but I would still like better protection because I have a lot of personal information on that machine that needs to be protected.

I am the only person that needs to log in (from home), so I would like to have the ssh service allowed only to me and nobody else.

I cannot find clear explanations around about how to do this.

I use the default built-in firewall, openSUSE 11.

At home, I have DHCP but my IP address never changed in months, so I could also set restricted authentication based on IP address.

Thanks in advance for any tip!

Hi
Don’t run it on the standard port, configure it on a high one, e.g. 12222,
and ssh to that :)


Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.0 x86 Kernel 2.6.25.18-0.1-default
up 1 day 3:22, 1 user, load average: 0.18, 0.38, 0.36
GPU GeForce 6600 TE/6200 TE - Driver Version: 177.80

That’s a good idea!

In some cases, however, they might run some scanport tools to catch ports on which some services are running, and in that case they would still attempt to log in to that port…

But if I can find a way to allow only one user, then I will also bring the sshd to another port.

Thanks for the tip malcolmlewis!

Does this not do what you require?
You enable a password as well by typing one at point 2 in the howto.

Public Key Authentication - openSUSE

Ah yeah, that’s exactly what I was looking for! For some reason I missed that tutorial there. Thanks a bunch for your help caf4926!

I’m gonna do that and shift the service to a high random port as suggested by malcolmlewis.

Thanks again to both of you!

Hi
Most of them are just looking at the standard ports <1024; it would take
them a long time to scan all 65K.

Generate a host key and use that, see man sshd :) and change the port
from time to time, but I think you will notice a big difference if you
change the port sshd is running on.

Also make sure your config only uses protocol 2, no root login and
disable any motd/banner etc.


Cheers Malcolm °¿° (Linux Counter #276890)

You are welcome Gonzo, I’m sure if I’m not correct, Malcolm will provide correction.

I’m using it, and I have tried to hack it, but without the login details you haven’t got a hope.

I HOPE!

We all live in hope lol :)

Yes, as long as you don’t give it out, again change it on a random basis
just like the ports and y’all should be “Happy as a pig in the
sunshine” (As an ex-pat New Zealander, you have to love these southern
sayings).


Cheers Malcolm °¿° (Linux Counter #276890)

Oki! Now it’s more clear to me, I had been searching around getting much confused info.

With a combination of host key and non-standard port I’m sure I will be safe and happier than pigs :D

Will do tomorrow as I get to my office.

Thanks so much again to both for your help.
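
The settings discussed in this thread (non-standard port, protocol 2 only, no root login, key-based login, access for a single user) can be checked mechanically; the following is an added example, not code posted by anyone in the thread. It assumes an OpenSSH version of the thread's era that still has the `Protocol` keyword; `AllowUsers` and `PasswordAuthentication` are standard sshd_config keywords the thread does not name, and the sample config, the user name `gonzo` and the address are constructed.

```python
# Added example: checks an sshd_config against the advice in this thread.
# The sample config, user name and address are constructed for illustration.
SAMPLE_CONFIG = """\
Port 12222
Protocol 2
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers gonzo@203.0.113.7
"""

def parse_sshd_config(text):
    """Return {keyword: [argument strings]} for the global section."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()          # keywords are case-insensitive
        if key == "match":              # conditional blocks: stop here
            break
        settings.setdefault(key, []).append(parts[1].strip())
    return settings

def first(settings, key):
    """sshd keeps the first value it reads for a keyword, not the last."""
    return settings.get(key, [""])[0].lower()

def audit(text, user):
    """List the thread's hardening points that the config does not meet."""
    s = parse_sshd_config(text)
    findings = []
    if "22" in s.get("port", ["22"]):   # Port may be given several times
        findings.append("listening on default port 22")
    if first(s, "protocol") != "2":
        findings.append("Protocol not explicitly set to 2")
    if first(s, "permitrootlogin") != "no":
        findings.append("root login not disabled")
    if first(s, "passwordauthentication") != "no":
        findings.append("password logins still accepted")
    allowed = [p for v in s.get("allowusers", []) for p in v.split()]
    if not allowed:
        findings.append("no AllowUsers restriction")
    elif any(p.split("@")[0] != user for p in allowed):
        findings.append("AllowUsers admits accounts other than " + user)
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "gonzo") or "all checks passed")
```

Settings that are missing are reported rather than assumed safe, because the compiled-in defaults differ between OpenSSH versions.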