Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only

Title: Red Hat Enterprise Linux - Allow Root Login From a Specific IP Address Only
Object Name: mmr_kc-0119626
Document Type: Support Information
Original owner: KCS - Linux
Disclosure level: Public
Version state: final
Environment
FACT:Red Hat Enterprise Linux
Questions/Symptoms
GOAL:Restrict root SSH login to a single IP address
Cause
CAUSE:
Answer/Solution
FIX:This can be accomplished with the use of PAM access controls.  There are two steps:

1. In /etc/pam.d/sshd, add the following line:

account    required     pam_access.so


2. In /etc/security/access.conf, set up root access controls by adding the following two lines at the end of the file:

+ : root : IP_address
- : root : ALL


Replace "IP_address" with the IP address of the system from which root logins will be allowed.  Note that there is a space before and after each colon.  The first line allows root access from the specified IP address; the second line denies root access from everywhere else.  The order of these two lines is significant.  This will take effect immediately with no need to reboot or restart any daemons.


Login attempts that are blocked by this check will be logged in /var/log/secure:

Jul 15 16:51:42 hostname sshd[18241]: fatal: Access denied for user root by PAM account configuration

This method of access control is very flexible and powerful.  For example, if you should need to add a second allowed host at some point in the future, simply add its IP address to the first line:

+ : root : IP_address_1 IP_address_2
- : root : ALL


There are many other options, which are well documented within the access.conf file itself or its reference page.
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Linux File Systems (mkfs, mount, fstab) ext4
Viewed 2945 times since Sat, Jun 2, 2018
3 Ways to Check Linux Kernel Version in Command Line
Viewed 11273 times since Fri, Apr 19, 2019
How to encrypt a partition with DM-Crypt LUKS on Linux
Viewed 7970 times since Fri, Jul 13, 2018
20 Practical Examples of RPM Commands in Linux rpm
Viewed 7700 times since Mon, Feb 18, 2019
Linux – How to check the exit status of several piped commands
Viewed 2756 times since Wed, Jul 25, 2018
Exclude multiple files and directories with rsync
Viewed 2180 times since Wed, Oct 31, 2018
RHEL: Change system’s hostname
Viewed 3178 times since Sun, May 27, 2018
RHEL: Displaying/setting kernel parameters - ’sysctl’
Viewed 2689 times since Sat, Jun 2, 2018
OEL 7 – How to disable IPv6 on Oracle Linux 7 – Follow Up
Viewed 9205 times since Wed, Jul 25, 2018
Increase A VMware Disk Size (VMDK) Formatted As Linux LVM without rebooting
Viewed 15026 times since Wed, May 30, 2018