In this How to Make Tech Work tutorial, Jack Wallen shows how to add another layer of security to your Linux machines with just two files.
Did you know there’s a very easy way to block or allow IP addresses in Linux using two simple files? Those files are hosts.allow and hosts.deny, and they make it such that you can block or allow IP addresses on the fly without having to deal with more complicated firewall rules.
With this ability, you could quickly block a suspicious IP address to avoid possible malicious activity; or, you could limit, say, SSH connections to only specific addresses so you don’t have to worry about third parties gaining access to your servers or desktops. Let me show you how it’s done by demonstrating SSH access to a machine. The only things you’ll need for this are a running instance of Linux and a user with sudo privileges.
Log in to your Linux machine and open a terminal window. The first thing we’re going to do is deny all access to the SSH daemon. Open hosts.deny with the command sudo nano /etc/hosts.deny. At the bottom of that file, add sshd: ALL. Save and close the file.
Next, open hosts.allow with the command sudo nano /etc/hosts.allow. Let’s say you want to enable SSH access to only two machines on your network, which are at IP addresses 192.168.1.62 and 192.168.1.152; for that, at the bottom of the file, add the line sshd: 192.168.1.62, 192.168.1.152. Save and close the file.
At this point, the only two machines that are able to access your desktop or server via SSH are those two. Keep in mind that hosts.deny is read before hosts.allow so having sshd: ALL set to hosts.deny is only overridden if there’s an entry in hosts.allow. If you configure hosts.deny with ssdh: ALL and don’t add a corresponding entry in hosts.allow, no one will be allowed access, via SSH, to the machine.
And that’s all there is to using hosts.deny and hosts.allow to add another layer of security to your Linux machines.
Subscribe to TechRepublic’s How To Make Tech Work on YouTube for all the latest tech advice for business pros from Jack Wallen.
For all the latest Technology News Click Here
For the latest news and updates, follow us on Google News.
Denial of responsibility! NewsBit.us is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
