5

I want to allow access to each user on a server through a different port. For example, user1 can only be accessed by ssh through port 2201, and user2 can only be accessed through port 2202. I have already allowed access through ports 2201 and 2202 by editing "/etc/ssh/sshd_config" and adding two lines:

Port 2201
Port 2202

Both users can now access ssh through both ports (and 22).

  • How would I restrict them to only their own ports?

(Also), the users [except root] don't have any automatically created "~/.ssh/" directory so I made one and tried adding a config file and an authorized_keys file - these don't seem to make any difference.

OS is Debian squeeze and thanks in advance.

Nick
  • 83

2 Answers

8

There is a solution for this. You can use two Match conditions: one to block user2 on the first port and another one to block user1 on the second port. It should look like this:

Match User user2, LocalPort 2201
   DenyUsers user2

Match User user1, LocalPort 2202
   DenyUsers user1

I have a similar configuration running and it works quite well (without saying that it is meaningful).

BTW: Combining Match and global Allow/Deny Rules doesn't work - at least it didn't work for me.

dustBLN
  • 91
1

You'll have to create a separate sshd_config for each user/port combo containing (along with the usual configuration options) the ListenAddress and AllowUsers keywords.

sshd_config_2201

ListenAddress 0:2201
AllowUsers user1

sshd_config_2202

ListenAddress 0:2202
AllowUsers user2

etc.

You'll need to run sshd once for each user with the -f switch to specify the individual configuration files.

Cakemox
  • 26,021
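
The separate-config approach from the answer above, as an added example that is not part of the original answer: it derives one config file per user/port pair from a base config. The `PidFile` path, the `0.0.0.0` listen address and the constructed base config are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the answer): one sshd config per user/port pair.

# gen_instance_config BASE USER PORT OUTDIR
# Writes OUTDIR/sshd_config_PORT and prints its path.
gen_instance_config() {
    base=$1; user=$2; port=$3; outdir=$4
    out="$outdir/sshd_config_$port"
    {
        # Instance settings go first: lines placed after a Match line in the
        # base file would be read as part of that Match block.
        printf 'ListenAddress 0.0.0.0:%s\n' "$port"
        printf 'AllowUsers %s\n' "$user"
        # Assumed path; each daemon needs its own pid file.
        printf 'PidFile /var/run/sshd_%s.pid\n' "$port"
        # Drop the base file's own listener, allow-list and pid settings.
        grep -Eiv '^[[:space:]]*(Port|ListenAddress|AllowUsers|PidFile)[[:space:]]' "$base" \
            || [ $? -eq 1 ]
    } > "$out"
    printf '%s\n' "$out"
}

# Constructed base config standing in for /etc/ssh/sshd_config.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
Port 22
Port 2201
Port 2202
PermitRootLogin no
PasswordAuthentication no
Match User user1
    X11Forwarding no
EOF

for pair in user1:2201 user2:2202; do
    cfg=$(gen_instance_config "$demo_dir/sshd_config" "${pair%%:*}" "${pair##*:}" "$demo_dir")
    echo "# check: sshd -t -f $cfg ; start: sshd -f $cfg"
done
```

The stock daemon listening on port 22 still accepts both users unless its own configuration restricts them as well.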