Security Basics mailing list archives

Re: Restricting logins by IP address

From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 25 Oct 2005 00:05:35 +0200 (IST)

On 10/19/05, Keenan Smith <kc_smith () clark net> wrote:

Similar to the way root can be restricted to logging in only at the
console, is it possible to restrict logins by regular users to specific
IP addresses?

What I've got is a directory "ABC" and a user "Larry".  I setup Larry to
have ABC as his home directory.  What I want to do is restrict Larry's
login to a specific IP address so if he attempts a login from computer
"123" it will succeed but if he tries from computer 456, it will fail.


On Fri, 21 Oct 2005, ilaiy wrote:

Try using /etc/hosts.allow Give the IP address of which you would
want to allow and your /etc/hosts.deny should look like this
ALL: ALL


Yes, tcp wrappers is a good solution if it is really what you need.
Unfortunately, it does not solve the stated problem (at least, not how
I understood it): it allows you to limit *all* the connection to a set
of IPs, but it does not allow to restrict Larry's logins to one IP,
and John's logins to some other IP.

-- 
Regards,
ASK

Current thread:

Re: OS to know., (continued)
- - - Re: OS to know. John Melton (Oct 17)
    - RE: OS to know. Security (Oct 17)
- Re: OS to know. Mark Owen (Oct 14)
- Re: OS to know. Michael Gale (Oct 31)
  - Re: OS to know. Adam Kane (Oct 31)
- RE: OS to know. Depp, Dennis M. (Oct 18)
  - Re: OS to know. Alloishus BeauMains (Oct 18)
  - Re: OS to know. Kurt (Oct 18)
    - Restricting logins by IP address Keenan Smith (Oct 21)
    - Re: Restricting logins by IP address ilaiy (Oct 24)
    - Re: Restricting logins by IP address Alexander Klimov (Oct 25)
    - Re: Restricting logins by IP address Justin (Oct 24)
    - Re: Restricting logins by IP address Netops (Oct 31)
- RE: OS to know. Simpson, Brett (Oct 18)
  - Re: OS to know. Netops (Oct 31)