2 sshd configurations 1 for internal and 1 external
How can I set up an OpenSSH server so that if I'm SSHing from a local LAN it is via port 22, but if I'm coming in externally it's via port 12345, for example?
Then for external access I'd like some different (stricter) rules in sshd_config.
ssh sshd
asked Jul 25 '13 at 16:36 by parisv
Please add more details on your network topology. How does the system connect to the outside? Does it have more than one network interface? Will external connections come from a router and, if so, how does the router handle or translate external connections (maybe via NAT)? Or is routing handled by the server itself, maybe using iptables?
– roadmr
Jul 25 '13 at 16:53
It works on 18.04
– VikingGlen
Dec 11 '18 at 16:10
Zeke's answer below worked for me on 18.04. Regarding your external sshd, you can limit users with the AllowUsers option. How strict do you want? Create a user with a password for a username: eR4d092a. Jail him. Limit him to a couple of commands. Require he "su" out to get into your system. Alias the "su" command. For example, "su" becomes "alberny." Make eR4d092a's password 14 to 16 characters. Limit external access only to eR4d092a: AllowUsers eR4d092a No one will ever guess a username-password combination set up this way on a non-standard port.
– VikingGlen
Dec 11 '18 at 16:20
3 Answers
Eric Carvalho's answer works for pre 15.04 but they deprecated and then removed upstart from Ubuntu, SystemdForUpstartUsers.
These steps have been adapted to work with systemd.
Copy the SSH configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_external
Copy the systemd configuration file:
sudo cp /lib/systemd/system/ssh.service /lib/systemd/system/sshd-external.service
In the new file (/lib/systemd/system/sshd-external.service) change the line:
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
to:
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd_config_external
and the line:
Alias=sshd.service
to:
Alias=sshd-external.service
Now customize /etc/ssh/sshd_config_external to your needs (e.g. change Port 22 to Port 12345).
Enable the service:
sudo ln -s /lib/systemd/system/sshd-external.service /etc/systemd/system/sshd-external.service
If you have run the above command then run
sudo systemctl disable sshd-external.service
before running the next command
sudo systemctl enable sshd-external.service
sudo service sshd-external start
This has been tested on Ubuntu 16.04 on real hardware and in a virtual machine in VirtualBox.
Let me know if this doesn't work. I've been known to make typos.
edited Jul 6 '17 at 23:54
answered Dec 29 '16 at 14:53 by silverduck
It works on 18.04
– VikingGlen
Dec 11 '18 at 16:12
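A check that complements the steps above, as an added example that is not part of any answer on this page: it reads the two config files the way sshd resolves global keywords and reports a shared Port or PidFile, plus any external setting looser than an assumed policy (no password logins, no root login, an AllowUsers list). The sample files, the account name extuser and the /run/sshd.pid default are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an internal/external pair of sshd config files.
# The policy in audit_pair is an assumption, not something the answers state.

# Print every global value of keyword $2 in file $1. sshd matches keywords
# case-insensitively; lines after a "Match" line are conditional, so stop there.
sshd_values() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/          { next }     # comments and blank lines
        tolower($1) == "match"  { exit }     # end of the global section
        tolower($1) == want     { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$1"
}

# First value wins for single-valued keywords; $3 is the fallback when unset.
sshd_value() {
    v=$(sshd_values "$1" "$2" | head -n 1)
    printf '%s\n' "${v:-$3}"
}

# Print one finding per line for internal config $1 and external config $2.
audit_pair() {
    int=$1; ext=$2
    ports_int=$(sshd_values "$int" Port)
    ports_ext=$(sshd_values "$ext" Port)
    for p in ${ports_ext:-22}; do            # Port may be repeated
        for q in ${ports_int:-22}; do
            [ "$p" != "$q" ] || echo "COLLISION: both instances use Port $p"
        done
    done
    # /run/sshd.pid is assumed as the default; it varies between builds.
    [ "$(sshd_value "$int" PidFile /run/sshd.pid)" != \
      "$(sshd_value "$ext" PidFile /run/sshd.pid)" ] ||
        echo "COLLISION: both instances write the same PidFile"
    [ "$(sshd_value "$ext" PasswordAuthentication yes)" = no ] ||
        echo "WEAK: external instance accepts password logins"
    [ "$(sshd_value "$ext" PermitRootLogin prohibit-password)" = no ] ||
        echo "WEAK: external instance permits root login"
    [ -n "$(sshd_values "$ext" AllowUsers)" ] ||
        echo "WEAK: external instance has no AllowUsers list"
}

# Constructed sample files: an internal config, an untouched copy of it, and
# an edited external config. "extuser" is a placeholder account name.
make_samples() {
    printf '%s\n' '# internal' 'Port 22' 'PasswordAuthentication yes' \
        > "$1/sshd_config"
    cp "$1/sshd_config" "$1/sshd_config_copy"
    printf '%s\n' '# external' 'port 12345' 'PidFile /run/sshd-external.pid' \
        'PasswordAuthentication no' 'PermitRootLogin no' 'AllowUsers extuser' \
        'Match User extuser' '    X11Forwarding no' \
        > "$1/sshd_config_external"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "== unedited copy =="
audit_pair "$demo_dir/sshd_config" "$demo_dir/sshd_config_copy"
echo "== edited external config =="
audit_pair "$demo_dir/sshd_config" "$demo_dir/sshd_config_external"
rm -rf "$demo_dir"
```

Before starting the second instance, `sudo sshd -t -f /etc/ssh/sshd_config_external` checks the file for syntax errors.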
Create another SSH service instance.
Copy the SSH configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_external
Copy the upstart configuration file:
sudo cp /etc/init/ssh.conf /etc/init/ssh-external.conf
In the new file (ssh-external.conf), change the line:
mkdir -p -m0755 /var/run/sshd
to:
mkdir -p -m0755 /var/run/sshd-external
And change the line:
exec /usr/sbin/sshd -D
to:
exec /usr/sbin/sshd -D -f /etc/ssh/sshd_config_external
Create the link to upstart:
sudo ln -s /lib/init/upstart-job /etc/init.d/ssh-external
Now customize /etc/ssh/sshd_config_external to your needs (e.g. change Port 22 to Port 12345) and start the service:
sudo service ssh-external start
edited Jul 2 '17 at 5:14 by Raphael
answered Jul 25 '13 at 17:06 by Eric Carvalho
Thanks so much for the detailed steps. With this I could set up my Raspberry Pi to serve as an entry point from the internet: one port is forwarded from the router, with 2-factor authentication, the other for internal access. The setup was really smooth.
answered 10 mins ago by Ben Z.
Welcome to Ask Ubuntu. This is a question answer site. Your answer does not provide a solution. "Thank you" is not a valid answer.
– user68186
2 mins ago