
On my network, I have a SERVER with 3 NICs, each on a separate subnet A, B, and C.
I also have a user, JOE, who uses SSH to log in to SERVER.

The issue is, JOE can log in on any of the interfaces:
```
$ ssh joe@server-a
] Welcome to SERVER
exit
$ ssh joe@server-b
] Welcome to SERVER
exit
$ ssh joe@server-b
] Welcome to SERVER
exit
```

I would like an easy way to prevent JOE from logging in to the B & C interfaces. (Alternately, only allow JOE to log in to the A interface).

Is this possible? I have hundreds of servers, and I'll have to do this to many of them, so simple solutions are preferred.
I'm running Red Hat 7.x
I'm on a closed network, so please don't recommend 3rd party products -- I won't be able to get them.
TIA!

Scottie H
  • Is it only `Joe` that needs to be restricted, or all users? Do you need SSH to be usable on the other interfaces by other accounts? You could possibly block incoming ssh on the other interfaces, but that would apply to everyone. Or you could run a different ssh daemon bound to specific interfaces with different restrictions. – Zoredache Oct 16 '19 at 22:56
  • It is just `JOE` that needs the restriction. All other users are OK logging in on any interface. There are other users that need to log in on the other interfaces. – Scottie H Oct 16 '19 at 23:00
  • Hrm, that makes it seem complicated. I would probably look to see if you can build a `Match` block in your `sshd_config` that restricts an account the way you want. – Zoredache Oct 16 '19 at 23:06
  • What is that? Can you explain? – Scottie H Oct 17 '19 at 14:24
  • Search for match in the [sshd_config](https://linux.die.net/man/5/sshd_config) man page. The 'match' lets you apply restrictions based on user and a few other properties of the connection. I am not certain if you can use it for this though. – Zoredache Oct 17 '19 at 16:33

1 Answer


You may try with OpenSSH DenyUsers:

```
DenyUsers JOE@server-b-subnet JOE@server-c-subnet
```

If subnet B is 192.168.0.0:

```
DenyUsers JOE@192.168.*
```

Jerdguez
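The `Match` approach raised in the comments, as an added example that is not part of the original posts: a shell helper that generates a block denying one user on chosen server-side addresses. In `sshd_config`, the `HOST` part of a `USER@HOST` pattern is compared with the connecting client, while the `LocalAddress` criterion of `Match` tests the address the connection arrived on. The addresses are constructed, `deny_on_local` and `check_effective` are hypothetical names, and the example assumes the installed OpenSSH accepts `DenyUsers` inside a `Match` block.

```shell
#!/bin/sh
# Added example: emit an sshd_config Match block that denies one user on
# selected local (server-side) addresses. All addresses are constructed.

# deny_on_local USER ADDR [ADDR...]
# Prints the block on stdout; returns 1 on bad input.
deny_on_local() {
    user=$1
    [ $# -ge 2 ] || { echo "usage: deny_on_local USER ADDR..." >&2; return 1; }
    shift
    # Reject wildcards, spaces and anything else that could smuggle in
    # extra patterns or directives when the output is appended to a config.
    case $user in
        ''|*[!A-Za-z0-9._-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    list=
    for addr in "$@"; do
        case $addr in
            ''|*[!0-9A-Fa-f:.]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
        list=${list:+$list,}$addr        # LocalAddress takes a comma list
    done
    # Criteria on one Match line are ANDed: this user AND one of these
    # local addresses. Other users and other interfaces are unaffected.
    printf 'Match User %s LocalAddress %s\n' "$user" "$list"
    printf '    DenyUsers %s\n' "$user"
}

# check_effective CONFIG USER LADDR
# Asks an installed sshd (run as root) which DenyUsers setting applies to
# USER arriving on LADDR. The client host/addr values are constructed.
check_effective() {
    sshd -T -f "$1" \
        -C "user=$2,host=client.example,addr=192.0.2.10,laddr=$3,lport=22" |
        grep -i '^denyusers'
}

# Constructed sample: SERVER's addresses on subnets B and C.
deny_on_local joe 10.0.2.5 10.0.3.5
```

Append the output at the end of `sshd_config`, because a `Match` block runs until the next `Match` line or the end of the file, then run `sshd -t` before reloading the daemon.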