The system administrator may optionally restrict connections via telnet based upon the Host IP address. Remote access may be limited only to specific IP addresses. The system administrator may also restrict specific IP addresses from connecting via SSH2/Telnet.
Restrictions based on IP address are enforced when the file thosts exists. The IP addresses of interest are listed in the thosts file. In short, only IP addresses listed in the thosts file are allowed to connect via telnet/SSH2. The provision also exists to exclude specific IP addresses from connecting via SSH2/Telnet. A keyword [Exclude] is used that indicates all IP Addresses listed in the file should be excluded from logon via SSH2/Telnet.
You must create the file
The file must reside in the Georgia SoftWorks Universal Terminal Server installation directory. The directive [EXCLUDE] indicates if the IP Addresses should be excluded from connection.
Note: The system account must have permission to read the thosts file.
The rules are simple for setting up the thosts file.
The # character is the comment character.
The [EXCLUDE] directive placed in the 1st line forces the file to be interpreted as an exclusion file; otherwise only the IP addresses listed are allowed.
Data after the IP address is ignored and therefore can be used for additional comment data.
Following are example thosts files.
Bill and Tom have machines that are in a public location and are not secure. The system administrator does not want to allow SSH2/Telnet access from those machines. However, Bill and Tom have other machines that need SSH2/Telnet access to the server. This is how to set up the thosts file to exclude those particular machines.
Information needed:
Edit the file thosts and add the following lines:
[EXCLUDE]
# Here is the list of hosts that are not allowed to log in via SSH2/Telnet
198.68.20.21 Bob's machine
198.68.22.25 Tom's machine
Now let's look at the contents of the file.
The [EXCLUDE] directive specifies that all IP addresses in the thosts file are not allowed to connect via telnet.
The next line is a comment reminding the System Administrator that the following Host IP addresses will not be allowed to connect via SSH2/Telnet.
Next is the list of Host IP addresses to exclude. The list can be as long as you desire.
ACME Accounting has 3 remote locations. For the machines at each location there may be dozens of different users that may be connecting at different times of the day. The system administrator only wants to allow SSH2/Telnet connections from the 3 remote locations.
However, the ACME remote Location 3 office is temporarily closed for remodeling. Therefore the system administrator wants to easily comment them out of the "allowed" list and quickly add them back as soon as the office reopens.
Information needed:
Edit the file thosts and add the following lines:
# Here is the list of hosts that are allowed to log in via SSH2/Telnet
#
198.68.35.21 ACME accounting location 1 machine
198.68.35.25 ACME accounting location 2 machine
#Let's not allow location 3 until the office reopens.
#198.68.35.26 ACME accounting location 3 machine
#
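The following is an added example, not Georgia SoftWorks code: a small Python model of the thosts rules stated on this page, useful for checking which client addresses a file would admit before deploying it. It assumes the [EXCLUDE] directive is matched case-insensitively and that unparsable lines are simply not treated as hosts; the product's own parser may differ. The function names parse_thosts and is_allowed are hypothetical.

```python
import ipaddress

def parse_thosts(text):
    """Parse thosts content into (exclude_mode, hosts, rejected_lines)."""
    lines = text.splitlines()
    # Page rule: [EXCLUDE] on the 1st line makes the file a deny list.
    # Assumption: case-insensitive match (the page writes [Exclude] and [EXCLUDE]).
    exclude = bool(lines) and lines[0].strip().upper() == "[EXCLUDE]"
    hosts, rejected = set(), []
    for number, raw in enumerate(lines, start=1):
        if exclude and number == 1:
            continue
        entry = raw.split("#", 1)[0].split()  # '#' starts a comment
        if not entry:
            continue
        try:
            # Only the first field counts; data after the IP address is ignored.
            hosts.add(ipaddress.IPv4Address(entry[0]))
        except ValueError:
            rejected.append((number, raw.strip()))  # surface for admin review
    return exclude, hosts, rejected

def is_allowed(client_ip, thosts_text):
    """Decide a connection; thosts_text is None when no thosts file exists."""
    if thosts_text is None:
        return True  # restrictions are enforced only when the file exists
    exclude, hosts, _ = parse_thosts(thosts_text)
    listed = ipaddress.IPv4Address(client_ip) in hosts
    return not listed if exclude else listed

# The two example files from this page, embedded as sample input.
EXCLUDE_FILE = """[EXCLUDE]
# Here is the list of hosts that are not allowed to log in via SSH2/Telnet
198.68.20.21 Bob's machine
198.68.22.25 Tom's machine
"""
ALLOW_FILE = """# Here is the list of hosts that are allowed to log in via SSH2/Telnet
#
198.68.35.21 ACME accounting location 1 machine
198.68.35.25 ACME accounting location 2 machine
#Let's not allow location 3 until the office reopens.
#198.68.35.26 ACME accounting location 3 machine
#
"""
# Constructed misconfiguration: the directive is not on the 1st line.
MISPLACED = "# blocked hosts\n[EXCLUDE]\n198.68.20.21 Bob's machine\n"

if __name__ == "__main__":
    for name, text in [("exclude", EXCLUDE_FILE), ("allow", ALLOW_FILE), ("misplaced", MISPLACED)]:
        print(name, parse_thosts(text))
```

Under these rules the MISPLACED file is read as an allow list, so the host meant to be blocked becomes the only one admitted; the rejected-lines output is what flags the stray directive.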