Managing SSH Access

Hands-On Lab

 

Bob Salmans

Security Training Architect I in Content

Length

00:30:00

Difficulty

Intermediate

In this lab, we will restrict SSH access to specific user accounts from specific sources. This will allow us to granularly control SSH access to a host.

Solution

  1. Begin by logging in to the lab server using the credentials provided on the hands-on lab page:

    ssh cloud_user@PUBLIC_IP_ADDRESS

  2. Become the root user:

    sudo su

Allow Susan SSH access from host susan-ws.office21.net

  1. Open the /etc/ssh/sshd_config file in an editor:

    vi /etc/ssh/sshd_config

     Then add the following line:

    AllowUsers Susan@susan-ws.office21.net

    > Note: This line should be added under the following header at the top of the file:

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

Permit root SSH login from the subnet 10.0.1.0/24

  1. The first step is to permit root logins by uncommenting the line #PermitRootLogin yes in the /etc/ssh/sshd_config file.

  2. Secondly, we need to add root@10.0.1.0/24 to the AllowUsers line in the /etc/ssh/sshd_config file.

    AllowUsers Susan@susan-ws.office21.net root@10.0.1.0/24

  3. Now we need to restart the sshd service so the changes we made will take effect:

    systemctl restart sshd  
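
The effect of the finished AllowUsers line can be checked offline before relying on it. The following is an added example, not part of the lab: a simplified Python model of how sshd evaluates USER@HOST patterns (negated patterns are not handled). The function names and source addresses are constructed, and it assumes a hostname pattern can only match when sshd has a reverse-DNS name for the client (UseDNS yes).

```python
import fnmatch
import ipaddress

# The AllowUsers line from the lab's final sshd_config.
ALLOW_USERS = "Susan@susan-ws.office21.net root@10.0.1.0/24"


def host_matches(pattern, addr, hostname):
    """Match the HOST half of USER@HOST: a CIDR block, or a wildcard name/address."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    # Without a reverse-DNS name (assumed: UseDNS no), only the address can be compared.
    candidates = [addr] + ([hostname] if hostname else [])
    return any(fnmatch.fnmatchcase(c.lower(), pattern.lower()) for c in candidates)


def login_allowed(user, addr, hostname=None, allow_users=ALLOW_USERS):
    """Return True if any AllowUsers pattern admits this user from this source."""
    for entry in allow_users.split():
        user_pat, _, host_pat = entry.partition("@")
        if not fnmatch.fnmatchcase(user, user_pat):  # user names are case-sensitive
            continue
        if not host_pat or host_matches(host_pat, addr, hostname):
            return True
    return False  # AllowUsers is set, so every unlisted user/source is refused


if __name__ == "__main__":
    # Constructed login attempts: (user, source address, reverse-DNS name or None).
    attempts = [
        ("root", "10.0.1.25", None),
        ("root", "10.0.2.25", None),
        ("Susan", "192.0.2.10", "susan-ws.office21.net"),
        ("Susan", "192.0.2.10", None),
        ("cloud_user", "10.0.1.25", None),
    ]
    for user, addr, name in attempts:
        verdict = "allow" if login_allowed(user, addr, name) else "deny"
        print(f"{user:<11} from {addr:<11} name={name!s:<22} -> {verdict}")
```

The last attempt shows that cloud_user, the account used to log in to the lab server, is not covered by the AllowUsers line and is refused once sshd restarts.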

Conclusion

Congratulations — you've completed this hands-on lab!