I'd like to allow only certain hosts to connect to my server via SSH, and reject the rest with a friendly error message. Authorized users of the system will generally be non-technical, accessing this system via Filezilla.
I thought I could do this with TCP Wrappers, but when I enter the below into my hosts.deny, the client just gets the error message "ssh_exchange_identification: Connection closed by remote host"
sshd : ALL \
: twist /bin/echo "Sorry, but your host is not allowed to connect to this server." \
: deny
I came across a script, SSH Twist, which seemed to address this problem, but I just see the same error on the client.
For what it's worth, I'm testing on RHEL 6.1 with OpenSSH 5.3p1.
Best Answer
SSH Twist looks like a bit of a hack, and I wouldn't bet on it working with all sshd versions — it makes an assumption about what it can send during session establishment that isn't necessarily true.
It's a little ugly, but you can do something like this in sshd_config: