Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only

Title: Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only
Object Name: mmr_kc-0119626
Document Type: Support Information
Original owner: KCS - Linux
Disclosure level: Public
Version state: final
FACT:Red Hat Enterprise Linux
GOAL:Restrict root SSH login to a single IP address
FIX:This can be accomplished with the use of PAM access controls.  There are two steps:

1. In /etc/pam.d/sshd, add the following line:

account    required

2. In /etc/security/access.conf, set up root access controls by adding the following two lines at the end of the file:

+ : root : IP_address
- : root : ALL

Replace "IP_address" with the IP address of the system from which root logins will be allowed.  Note that there is a space before and after each colon.  The first line allows root access from the specified IP address; the second line denies root access from everywhere else.  The order of these two lines is significant.  This will take effect immediately with no need to reboot or restart any daemons.

Login attempts that are blocked by this check will be logged in /var/log/secure:

Jul 15 16:51:42 hostname sshd[18241]: fatal: Access denied for user root by PAM account configuration

This method of access control is very flexible and powerful.  For example, if you should need to add a second allowed host at some point in the future, simply add its IP address to the first line:

+ : root : IP_address_1 IP_address_2
- : root : ALL

There are many other options, which are well documented within the access.conf file itself or its reference page.
0 (0)
Article Rating (No Votes)
Rate this article
There are no attachments for this article.
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Odpalenie polecenia tylko na jedną godzinę
Viewed 1505 times since Thu, May 24, 2018
bash mistakes This page is a compilation of common mistakes made by bash users. Each example is flawed in some way.
Viewed 7341 times since Sun, Dec 6, 2020
RHCS6: Reduce a Global Filesystem 2 (GFS2)
Viewed 1308 times since Sun, Jun 3, 2018
How to clear swap memory in Linux
Viewed 645 times since Mon, Nov 23, 2020
CentOS / RHEL : Configure yum automatic updates with yum-cron service
Viewed 2636 times since Fri, Oct 26, 2018
RHEL: Reinstalling Boot Loader on the Master Boot Record (MBR)
Viewed 1701 times since Sun, May 27, 2018
Use inotify-tools on CentOS 7 or RHEL 7 to watch files and directories for events
Viewed 11184 times since Fri, Jul 27, 2018
Using Official Redhat DVD as repository
Viewed 9219 times since Mon, Oct 29, 2018
Oracle Linux 7 – How to audit changes to a trusted file such as /etc/passwd or /etc/shadow
Viewed 1811 times since Wed, Jul 25, 2018
RHEL7 slow ssh login
Viewed 2301 times since Tue, Aug 6, 2019