Restrict ssh access by domain?

craigcabrey Member
edited August 2011 in Help

Hi all,

Just wondering if it was possible to restrict access to my LEB's ssh server via DNS. So for example, I have three records associated with my domain: example.com, www.example.com, and server.example.com. example.com and www.example.com CNAME to server.example.com, but I would like it if I could only log in to SSH if I connected to server.example.com, not any of the others (or future ones for that matter).

Is this possible? Or is it just crazy talk?

Comments

  • KuJoe Member, Host Rep
    edited August 2011

    It's possible if you set multiple IPs on your server and only allow connections from the IP associated with server.example.com. To my knowledge, SSH is handled by IP and not FQDN so DNS would only have a hand if the FQDN was for a single IP no other domain shared.

  • Possibly with ssh running under xinetd.

    With xinetd set only_from = server.example.com

    & the reverse lookup should be server.example.com

    I haven't tried it.

  • KuJoe Member, Host Rep

    only_from works for the connecting IP/Domain though so it won't work in that case.

  • Well it was worth a try. Oh well.
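
The point made in the thread, that the server sees only a destination IP and never the hostname the client typed, as an added example that is not part of the original posts. It assumes a Linux host (where all of 127.0.0.0/8 is local); the name-to-IP table and the helper names `listen_on` and `probe` are constructed for illustration.

```python
import socket

# Constructed stand-in for DNS: the thread's names mapped to loopback IPs
# (assumed values; on Linux every address in 127.0.0.0/8 is local).
RECORDS = {
    "server.example.com": "127.0.0.2",  # address reserved for SSH
    "www.example.com": "127.0.0.3",     # address the other names use
}


def listen_on(name):
    """Bind to the one IP behind `name`, as sshd does with ListenAddress."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((RECORDS[name], 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    srv.settimeout(2)
    return srv


def probe(srv, name):
    """Connect to `name` on the listener's port.

    Returns the destination IP the server sees on the accepted socket,
    or None when nothing listens on the IP that `name` resolves to.
    """
    port = srv.getsockname()[1]
    try:
        client = socket.create_connection((RECORDS[name], port), timeout=2)
    except OSError:
        return None
    with client:
        conn, _peer = srv.accept()
        with conn:
            # An IP and a port are all TCP hands the server; no hostname.
            return conn.getsockname()[0]


if __name__ == "__main__":
    with listen_on("server.example.com") as srv:
        for name in RECORDS:
            print(name, "->", probe(srv, name))
```

With OpenSSH the same effect comes from a `ListenAddress` line in `sshd_config` naming the dedicated IP, and it only separates the names if the other records resolve to a different address.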
