2025-01-16 Update From: SLTechnology News&Howtos > Network Security
Shulou (Shulou.com) 06/01 Report
Requirements:
Restrict Windows and Linux logins to specified IP addresses or network segments.
Solutions and ideas:
1. On Windows there are several ways to set this up:
Method 1: Restrict IP access with the system's built-in firewall by modifying the properties of the following three rules:
Click Properties to view the corresponding settings:
Set the IP address or address segment that is allowed access.
Method 2: Control access through an IP security policy:
Open Local Security Policy:
Start > Run > enter secpol.msc, or Start > Programs > Administrative Tools > Local Security Policy
In the window that opens, right-click IP Security Policies on Local Computer.
From the right-click menu, select Manage IP filter lists and filter actions:
Set the source and destination addresses:
Modify the access protocols and ports; the default is all:
Add another deny policy:
Adjust the policy in the filter:
Method 3: Restrict logins to designated computers through the AD server; this is not explained here.
(The machine must be joined to the AD domain, and the user is then configured for designated logon.)
Reference file address: www.it165.net/os/html/201311/6707.html
Linux system: IP-based access control
Solutions and ideas:
1. Control remote access by modifying the /etc/hosts.allow and /etc/hosts.deny files. This requires tcp_wrappers to be installed.
Run ldd /usr/sbin/sshd. If libwrap appears in the output, tcp_wrappers can be used, that is, the service honors /etc/hosts.allow and /etc/hosts.deny.
If libwrap does not appear in the output, install it.
Check with the command:
rpm -q tcp_wrappers or rpm -qa | grep tcp
Let's look at what is allowed:
[root@nginx ~]# cat /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# for the shell
sshd:11.8., 12.1., 18.3.: allow
This allows hosts in the 11.8.0.0, 12.1.0.0 and 18.3.0.0 segments to access the server's sshd service.
Now the deny side:
Edit the /etc/hosts.deny file and add the following statement to deny all ssh requests:
sshd:all
From here, the configuration can be hardened further:
Step 1: Log in to the server over SSH as root.
Step 2: At the command prompt, type pico -w /etc/ssh/sshd_config
Step 3: Scroll down and find a section of the file that looks like this:
#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::
Step 4: Remove the comment symbol # and modify:
#Port 22
Change to: Port 8899
(Choose an unused 4- to 5-digit port of your own (49151 is the highest port number))
#Protocol 2, 1
Change to: Protocol 2
#ListenAddress 0.0.0.0
Change to: ListenAddress 192.168.1.100 (change the address here to the IP address of the client you normally use to access the server)
Step 5: If you want to disable direct root login, scroll down until you see
#PermitRootLogin yes
Change to: PermitRootLogin no
Press Ctrl + O to save the changes, then press Ctrl + X to exit.
Step 6: At the command prompt, type: /etc/rc.d/init.d/sshd restart
Step 7: Log out of SSH. From now on you must log in using the new port number (e.g. 49151), and the server limits SSH logins to a single specified IP address (e.g. 192.168.1.100).
Notes:
If you cannot log in or run into other problems after these changes, connect a monitor to the server or Telnet to it, correct the settings, and then log in over SSH again. Telnet is a very insecure protocol, so it is best to change your root password after using it.
Alternatively:
Restricting SSH access by IP on Linux
Edit /etc/hosts.allow
(where 192.168.10.88 is the IP you want to allow to log in over ssh; it can also be a network segment such as 192.168.10.0/24)
sshd:192.168.10.88:allow
Edit /etc/hosts.deny (so that every IP other than those allowed above is refused ssh login)
sshd:ALL
Change the port:
vi /etc/ssh/sshd_config
Port 3333
Add the allowed IP on the last line:
AllowUsers root@ip
Finally, run service xinetd restart to restart the service, or:
# /etc/rc.d/init.d/xinetd restart
# /etc/rc.d/init.d/network restart
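An added example, not code from the original article: a small Python model of how the hosts.allow and hosts.deny rules shown in both Linux sections combine, for checking which client addresses a rule set admits before relying on it. It is IPv4-only and simplified; the sample file contents are constructed from the rules quoted above, the function names are hypothetical, and acceptance of the /24 spelling is an assumption that depends on the tcp_wrappers build.

```python
import ipaddress

# Constructed sample files that combine the rules quoted on this page.
HOSTS_ALLOW = """\
# for the shell
sshd:11.8., 12.1., 18.3.: allow
sshd:192.168.10.88:allow
"""
HOSTS_DENY = "sshd:ALL\n"

def parse_rules(text, default_action):
    """Return [(daemons, clients, action)]; IPv4-only, comments skipped."""
    rules = []
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("#", 1)[0].split(":")]
        if len(fields) < 2 or not fields[0]:
            continue
        # An explicit "allow"/"deny" option overrides the file's default.
        option = fields[2].lower() if len(fields) > 2 else ""
        action = option if option in ("allow", "deny") else default_action
        rules.append((fields[0].replace(",", " ").split(),
                      fields[1].replace(",", " ").split(), action))
    return rules

def client_matches(pattern, ip):
    """Match one client pattern against a dotted-quad address string."""
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):   # prefix form such as "11.8."
        return ip.startswith(pattern)
    if "/" in pattern:          # net/mask form; /24 spelling assumed accepted
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip        # single address

def is_allowed(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is read first, then hosts.deny; the first matching rule
    decides, and a client that matches nothing is let through."""
    rules = parse_rules(allow_text, "allow") + parse_rules(deny_text, "deny")
    for daemons, clients, action in rules:
        daemon_hit = daemon in daemons or "ALL" in daemons
        if daemon_hit and any(client_matches(p, ip) for p in clients):
            return action == "allow"
    return True

if __name__ == "__main__":
    for addr in ("11.8.4.20", "111.8.4.20", "192.168.10.88", "192.168.10.89"):
        print(addr, "allowed" if is_allowed("sshd", addr) else "denied")
```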