imejia
Level 7

SSH and GUI access restriction to one IP

Running MWG 7.1....two questions:

1.  Is there any chance to restrict the GUI access to one IP Addr??

2.  How can I restrict SSH access to one IP Addr??

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: SSH and GUI access restriction to one IP

For the GUI, in Configuration > User Interface, specify the IP:Port instead of just the port:

192.168.2.222:4711

For SSH, there are two ways I can think of.

You can edit /etc/ssh/sshd_config (in Configuration > File Editor in the GUI), set the ListenAddress for the NIC you want to listen on, and add a parameter:

AllowUsers root@192.168.2.2

This specifies the allowed users that can log on. If you have other ssh usernames, add them.

The other way is to activate the Network Protection firewall to only allow specific traffic to specific services. Be careful with this so as not to inadvertently lock yourself out with a Deny All rule.

The configuration would look something like this:

Capture.JPG

0 Kudos
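An added example, not part of the original answer: a pre-change check that reports whether an edited sshd_config would still admit the admin session, using the ListenAddress and AllowUsers values quoted above. The function names are hypothetical, and the check assumes IPv4, address-only matching, no negated patterns, and only the global section (it stops at the first Match block).

```python
import fnmatch
import ipaddress

# Constructed sample: the values quoted in the answer above.
SAMPLE = """\
# Management NIC only
ListenAddress 192.168.2.222
AllowUsers root@192.168.2.2
"""

def directives(text, keyword):
    """Values of a repeatable keyword in the global section (before any Match)."""
    values = []
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break  # Match blocks are out of scope for this check
        if parts[0].lower() == keyword.lower():
            values.extend(parts[1:])
    return values

def host_matches(pattern, addr):
    """HOST part of USER@HOST: CIDR or a * / ? wildcard, matched on address only."""
    if "/" in pattern:
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    return fnmatch.fnmatchcase(addr, pattern)

def user_allowed(text, user, addr):
    """True if AllowUsers is absent or one of its patterns admits user from addr."""
    patterns = directives(text, "AllowUsers")
    if not patterns:
        return True
    for pat in patterns:
        name, _, host = pat.partition("@")
        if fnmatch.fnmatchcase(user, name) and (not host or host_matches(host, addr)):
            return True
    return False

def lockout_reasons(text, user, admin_ip, server_ip):
    """Reasons the admin session to server_ip would stop working; empty means OK."""
    reasons = []
    listen = [v.rsplit(":", 1)[0] if v.count(":") == 1 else v
              for v in directives(text, "ListenAddress")]
    if listen and server_ip not in listen and "0.0.0.0" not in listen:
        reasons.append(f"sshd will not listen on {server_ip}")
    if not user_allowed(text, user, admin_ip):
        reasons.append(f"AllowUsers does not admit {user}@{admin_ip}")
    return reasons
```

Run it against the edited file's text before saving the change, while the current SSH session is still open.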
5 Replies

Re: SSH and GUI access restriction to one IP

In this sample ruleset, I noticed you included the typical proxy port, HTTPS admin port, and SSH. Would you also have to include the authentication proxy port and, if in centralized management, the centralized mgmt port from each member in the cluster (TCP 12346)??

0 Kudos
imejia
Level 7

Re: SSH and GUI access restriction to one IP

Hi e2, I use Network Protection Rules and it's working fine! Thanks for your help... by the way, are those rules created in the iptables file???

0 Kudos
asabban
Level 17

Re: SSH and GUI access restriction to one IP

Hello,

The Network Protection uses iptables, that is correct. The config from the GUI is written into your current storage container, and from there synced to the OS.

Best,

Andre

0 Kudos
imejia
Level 7

Re: SSH and GUI access restriction to one IP

Great!! TKS!

0 Kudos