Wednesday, 26 June 2013

Configure Limit all SSH users to access from specific IP


Confiure Limit all SSH users to access from specific IP
1.       Step :
vi   /etc/security/access.conf  and make changes:

# This term will be evaluated by string matching.
# comment: It might be better to use network/netmask instead.
#          The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
#+ : root : 192.168.1. 10.201.5.0. 125.15.62.   (required network)
to
+ : root : 192.168.1. 10.201.5.0. 125.15.62.  
#
# User "root" should be able to have access from domain.
# Uses string matching also.
#+ : root : .foo.bar.org
#
# User "root" should be denied to get access from all other sources.
#- : root : ALL
to
- : root : ALL
#
# User "foo" and members of netgroup "nis_group" should be

2.  step open ssh pam file
vi /etc/pam.d/sshd
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_access.so   ( add this line)
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open env_params
session    optional     pam_keyinit.so force revoke
session    include      password-auth

#/etc/inid.d/sshd restart

 

 

Reset Grace Period of Windows Server 2012 RDS

Error: the remote session was disconnected because there are no remote desktop license servers available to provide license in aws Solu...