ericmurphy
Registered
I have ssh enabled on my machine for remote access. Hey, it's better than telnet, right? Anyway, I was perusing the /var/log/secure.log file, and noted a lot of failed authentication attempts against what appears to be guesses of accounts on the machine (e.g., "test," "root," "user," "admin," etc.). This is worrying, obviously.
I really do need to keep ssh access enabled on my machine. But I really only need that access from one IP address. Granted, IPs can be spoofed, but it can't hurt to restrict access via SSH to certain IP addresses. Is there a relatively straightforward way to do this? I'm planning on purchasing a hardware firewall (mainly to close ports that I need open for LAN access that should be closed for WAN access) which should be able to do it, but in the meantime, it would be nice to do it via ipfw. Can I just edit the ipfw rules file?
I really do need to keep ssh access enabled on my machine. But I really only need that access from one IP address. Granted, IPs can be spoofed, but it can't hurt to restrict access via SSH to certain IP addresses. Is there a relatively straightforward way to do this? I'm planning on purchasing a hardware firewall (mainly to close ports that I need open for LAN access that should be closed for WAN access) which should be able to do it, but in the meantime, it would be nice to do it via ipfw. Can I just edit the ipfw rules file?