linux
saanneekk, 2015-02-11 19:59:23

How to allow SSH access only through a VPN?

How do I allow access to the SSH server only for one VPN connection? The VPN server runs on the same machine.
I tried it through:

/etc/hosts.allow
SSHD: ip.адрес.сервера
/etc/hosts.deny
SSHD: ALL

I connected to the VPN and tried to log in, but the server kicked me off.
I also tried with iptables:
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED --source ip.адрес.сервера -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -p tcp --dport 22 -j DROP

But the result is the same.


2 answer(s)
Melkij, 2015-02-11
@melkij

Why --source ip.server.address? It must be the client's IP address, the one issued by the VPN.
Or the server's IP address on the VPN interface, but then as the packet's destination address.

Vasily Angapov, 2015-02-12
@celebrate

1) In hosts.allow you need to put not the IP address of this server but the IP address of the computer you will connect from.
2) The same goes for --source in iptables.
3) Also, it's more correct to write "-m tcp -p tcp --dport" instead of "-p tcp --dport".
4) It was rightly pointed out to you that the second rule essentially cancels the first.
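
The rule set the two answers point toward, as an added example that is not part of the original thread: match on the client's VPN source address and the VPN interface, then drop everything else on port 22. The function name ssh_vpn_rules, the interface tun0 and the subnet 10.8.0.0/24 are constructed placeholders, and -m conntrack --ctstate is used as the current form of the question's -m state --state.

```shell
#!/bin/sh
# Added example: print (do not apply) INPUT rules that accept new SSH
# connections only from VPN clients. tun0 and 10.8.0.0/24 are constructed
# sample values; use your VPN interface and the subnet your VPN hands out.

ssh_vpn_rules() {
    vpn_if=$1
    vpn_net=$2

    # Refuse anything not shaped like an interface name or an IPv4 CIDR,
    # because the output is meant to be reviewed and then run as root.
    case $vpn_if in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $vpn_if" >&2; return 1 ;;
    esac
    if ! printf '%s\n' "$vpn_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        echo "bad IPv4 CIDR: $vpn_net" >&2
        return 1
    fi

    # 1. Packets of connections that were already accepted.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 2. New SSH connections: the source is the client's VPN address and the
    #    packet arrives on the VPN interface (not the server's own address).
    echo "iptables -A INPUT -i $vpn_if -s $vpn_net -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    # 3. Everything else aimed at port 22 is dropped.
    echo "iptables -A INPUT -p tcp -m tcp --dport 22 -j DROP"
}

# Dry run with the sample values: prints the three commands in order.
ssh_vpn_rules tun0 10.8.0.0/24
```

-A appends, so on a host with existing INPUT rules check with iptables -L INPUT -n --line-numbers that no earlier rule already accepts port 22.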
