Restricting SSH Login for specific user to specific network/IP

23/11/2010

I have a client running an Oracle RAC environment. Logging in via ssh or anything else as a service account (i.e. oracle) is strictly frowned upon. According to the DBAs, some functions of RAC require direct login as this service account. So, we put in a ‘paper’ policy saying that the account could only log in via ssh from within the environment itself. No user was to use the account to log in. This has mostly worked, but occasionally we notice a login from the ‘oracle’ account directly from a PC and get the excuse ‘I forgot’. That’s when I searched for something within sshd or PAM that would allow this login from within the environment, but not from outside. The article I found summed this up very nicely. Thanks NixCraft!

The line I added to the /etc/security/access.conf was:

-: oracle : 192.168.100.
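To make the access.conf semantics concrete, here is an added Python model of how pam_access evaluates rules (it is not the post's code, and it ignores groups, netgroups, tty fields and hostname matching). Two constructed rule sets are compared: the post's line, whose third field lists the origins the rule applies to and so denies logins from 192.168.100.x, and the ALL EXCEPT form pam_access uses to deny every origin outside that network.

```python
# Added example, not from the original post: a minimal evaluator for the
# /etc/security/access.conf subset used on this page. Rules are scanned top
# to bottom, the first match decides, and with no match access is granted.

# Constructed rule sets for comparison.
RULES_DENY_INSIDE = """
# the post's line: applies to logins from 192.168.100.x
-: oracle : 192.168.100.
"""

RULES_DENY_OUTSIDE = """
# deny oracle from every origin that is not in 192.168.100.x
-: oracle : ALL EXCEPT 192.168.100.
"""


def parse_rules(text):
    """Return a list of (allow, user_tokens, origin_tokens) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        perm, users, origins = (field.strip() for field in line.split(":", 2))
        rules.append((perm == "+", users.split(), origins.split()))
    return rules


def _matches(tokens, value, hit):
    """ALL matches anything; 'X EXCEPT Y' matches when X does and Y does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        included = _matches(tokens[:i], value, hit)
        return included and not _matches(tokens[i + 1:], value, hit)
    return any(tok == "ALL" or hit(tok, value) for tok in tokens)


def _origin_hit(tok, origin):
    # A token ending in "." is a network prefix ("192.168.100." matches
    # 192.168.100.7); anything else must equal the address exactly.
    return origin.startswith(tok) if tok.endswith(".") else tok == origin


def is_allowed(rules, user, origin):
    """Apply pam_access first-match semantics to one login attempt."""
    for allow, users, origins in rules:
        if _matches(users, user, lambda t, u: t == u) and _matches(origins, origin, _origin_hit):
            return allow
    return True  # no rule matched: pam_access grants access
```

The file only takes effect when the sshd PAM stack loads the module (`account required pam_access.so`) and sshd_config has `UsePAM yes`; without a final catch-all rule such as `-:ALL:ALL`, anything not explicitly matched is permitted.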
