Limit SSH User Based On Local IP Address?

I suspect this is not possible but I'll ask.

For a machine where SSHd is listening on multiple IP addresses, is it possible to block certain users from logging in based on the IP address they are connecting to?

Example:
Listening on 1.2.3.4 and 5.6.7.8
User amir should be allowed to log in on 1.2.3.4 but NOT 5.6.7.8
User mary is allowed on 5.6.7.8 but not on 1.2.3.4

Again, these are the IP addresses the user is connecting TO, not FROM.

I think I could do this by running multiple sshd instances but can I do it with a single one?
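Added example, not part of the original post: a single sshd instance can apply per-user rules keyed on the address the client connected to by using `Match LocalAddress` in sshd_config. The fragment uses the addresses and user names from the question and assumes no global AllowUsers/DenyUsers lines are set; the host name and client address in the check command are constructed placeholders.

```sshd_config
# /etc/ssh/sshd_config (fragment) -- added example, not from the original post.
# Assumption: no global AllowUsers/DenyUsers directives appear above this point.

# One daemon bound to both addresses from the question.
ListenAddress 1.2.3.4
ListenAddress 5.6.7.8

# Match blocks must come after all global settings; each block runs until
# the next Match line or the end of the file.

# Connections that arrived ON 1.2.3.4: mary is refused, amir is unaffected.
Match LocalAddress 1.2.3.4
    DenyUsers mary

# Connections that arrived ON 5.6.7.8: amir is refused, mary is unaffected.
Match LocalAddress 5.6.7.8
    DenyUsers amir

# Stricter alternative (default-deny per address): replace the DenyUsers
# lines with "AllowUsers amir" and "AllowUsers mary" respectively, so that
# no other account can log in on either address.

# Validate before reloading sshd (run as root). The second command prints the
# effective setting for a constructed connection of mary TO 1.2.3.4:
#   sshd -t
#   sshd -T -C user=mary,host=client.example,addr=203.0.113.9,laddr=1.2.3.4 | grep -i '^denyusers'
```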


Similar Content



What Does Ps Aux | Egrep......mean?

Hey guys, well, I killed a user that was ssh'd into my machine and I googled how to do it; however, the command that I used to find the PID was

ps aux | egrep "sshd: [a-zA-Z]+@"

Why not just use ps aux | grep sshd?

Also, can someone decipher what ps aux | egrep "sshd: [a-zA-Z]+@" means? I am not advanced enough to understand what I googled. Also, is there a good tutorial that teaches you those commands in depth like that? And what are they called? The (egrep "sshd: [a-zA-Z]+@") part.

Wrong Incoming Ssh Ports In /var/log/auth.log ?

Hello,
I am using my Raspberry Pi with Linux 3.18+ installed. I changed the default ssh port from 22 to 16022. This is my sshd_config file:
Code:
# Package generated configuration file
# See the sshd_config(5) manpage for details

# What ports, IPs and protocols we listen for
#Port 22
Port 16022
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2

PAM auth is disabled and I only log in using a password. Now, I checked the authentication log file: /var/log/auth.log. This is a snippet of what it contains:
Quote:
Apr 23 23:44:55 raspberrypi sshd[6473]: Accepted password for pi from 50.252.93.50 port 51978 ssh2
Apr 23 23:52:22 raspberrypi sshd[6477]: Received disconnect from 50.252.93.50: 11: Normal Shutdown
May 5 01:51:02 raspberrypi sshd[4551]: Accepted password for pi from 50.153.109.28 port 30222 ssh
May 5 09:43:47 raspberrypi sshd[6033]: Accepted password for pi from 50.153.110.150 port 21551 ssh2
May 5 09:43:53 raspberrypi sshd[6039]: Received disconnect from 50.153.110.150: 11: Normal Shutdown
May 5 14:09:23 raspberrypi sshd[6783]: Accepted password for pi from 50.153.109.23 port 28684 ssh
May 5 14:32:43 raspberrypi sshd[7008]: Accepted password for pi from 50.153.109.23 port 28689 ssh
May 5 14:37:21 raspberrypi sshd[7014]: Received disconnect from 50.153.109.23: 11: Normal Shutdow
May 8 02:01:41 raspberrypi sshd[24468]: Accepted password for pi from 50.153.110.150 port 30862 ssh2
How is this possible? Why is it showing these random ports for ssh?

This is what 'sudo netstat -nlp' gives:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN      7923/0
tcp        0      0 0.0.0.0:16022           0.0.0.0:*               LISTEN      2501/sshd
udp        0      0 0.0.0.0:37851           0.0.0.0:*                           2019/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2192/dhclient
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2019/dhclient
udp        0      0 192.168.1.82:123        0.0.0.0:*                           2419/ntpd
udp        0      0 192.168.1.78:123        0.0.0.0:*                           2419/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           2419/ntpd
udp        0      0 0.0.0.0:44953           0.0.0.0:*                           2192/dhclient
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name    Path
unix  2      [ ACC ]     SEQPACKET  LISTENING     3880     168/udevd           /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8018     2341/dbus-daemon    /var/run/dbus/system_bus_socket

Plus, I am accessing my machine from outside my home network. My router is configured to block all ports, except 16022, whose tcp traffic is forwarded to my raspberry pi. So I don't understand why the log file has these weird ports listed.

Ssh And Adding Users In Multiple Users

In our environment I have to ssh to each and every server:
ssh <hostname>, which then prompts for a password on every login.
I have to create a user name on 30 servers manually, which takes much time, so I need a script to do this task. I have googled and found some for-loop scripts but they did not fulfill the requirement.
First I have to check whether the user exists or not, and later add the user or reset the password for the user using a script.

Selinux On Ubuntu Server

Hi All,

Please can someone assist me with this: I enabled SELinux on an Ubuntu 14.04 server and it's disabling ssh remote login for all users including root.

From the ssh terminal I get the following error:

ssh root@192.168.x.x
Last login: Wed Mar 25 12:39:02 2015 from 192.168.x.x
/bin/bash: Permission denied
Connection to 192.168.211.135 closed.


tail /var/log/auth.log

ubuntu sshd[1640]: Accepted password for root from 192.168.x.x port 51082 ssh2

ubuntu sshd[1642]: Accepted password for root from 192.168.x.x port 51089 ssh2

ubunt sshd[1640]: Received disconnect from 192.168.x.x: disconnected by user

audit2allow --all

sshd_t

This avc is a constraint violation. you would need to modify the attribute of either the source or target types to allow this access.

possible cause is the source user (system_u) and target user (unconfined_u) are different.

possible cause is the source role (system_r) and target role (unconfined_r) are different.

possible cause is the source level (s0) and target level (s0-s0:c0.c255) are different.

allow sshd_t unconfined_t:process transition.

Please, how can I make these changes take effect?

Thanks in advance.

Help With KDE

Hello, I am new to Linux and I am having difficulty setting up KDE. I have a VPS with Debian 7 Wheezy on it and I need to get KDE working on it. The Linux installation from the VPS company was very basic... I had to update the packages and install kde and kdm using the apt-get install kde and apt-get install kdm commands. When I type xstart to start the X server I get a message with the version number and other information, so I am assuming that it is installed, but at the bottom of the message I have no cursor (I am able to type but when I hit the enter key after entering a command nothing happens) and the # is no longer there, so I am unable to continue working. The only way I can get the command prompt and # back is to close PuTTY and reopen it (then I have to log into the VPS all over again). From what I have read online, when I type startx, it should load KDE.

I was able to set the display by using the export DISPLAY=:0.0 command. But when I type startkde I get the message "No protocol specified" and the next line says DISPLAY not set or unable to connect to xserver.

I have been using PuTTY to log into the VPS, but yesterday I decided to use the web-based login utility offered by the VPS company. When connecting to the VPS in this manner I am presented with a traditional-looking login screen (I am assuming it is KDM). The user name that was provided to me by the VPS company is 'root'... well, when I try to log in using KDM (the plasma setting) I get an error stating that 'root' logins are not allowed. Considering that KDM is visible when logging in using the web-based utility, I have a feeling that KDE is also working... but I can't log into it because the user name is 'root'. However, when I use PuTTY I can't seem to get anything to load and start the way it is supposed to. I would appreciate any help in getting KDE to work in PuTTY and the login via the web-based utility to accept the username that the VPS company gave me. Thank you.

Multiple Permission In Samba

Hello, I want to create multiple users for login in Samba! For example, user "one" is rw, user "two" is r, user "three" is rwx. I have already created 2 users with different permissions but not with 3 users, please help!

How To Return From Shell 'read' Command Passed In Expect Script?

I have a shell script that calls an expect script I wrote to ssh login to another host and get user input regarding that host's network configuration. I pass four arguments to the expect script: the remote host ip address, the username, the password, and the list of commands to run. My expect script is below:

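#!/usr/bin/expect
# Usage: expectssh <host> <ssh user> <ssh password> <script>

set timeout 60
# Matches a shell prompt ending in %, # or $ followed by a space.
set prompt "(%|#|\\$) $"
set commands [lindex $argv 3]

spawn ssh [lindex $argv 1]@[lindex $argv 0]

expect {
    # Host key already known: answer the password prompt, then run the commands.
    "*assword:" {
        send -- "[lindex $argv 2]\r"
        expect -re "$prompt"
        send -- "$commands\r"
    }

    # First connection to this host: accept the host key, then log in.
    "you sure you want to continue connecting" {
        send -- "yes\r"
        expect "*assword:"
        send -- "[lindex $argv 2]\r"
        expect -re "$prompt"
        send -- "$commands\r"
    }

    timeout {
        exit
    }
}

# Wait for the prompt to come back after the commands, then log out.
expect -re $prompt
send -- "exit\r"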

The script runs well, except that if I send a command such as 'read' that requires user input, the script does not continue or exit after the user presses enter. It just hangs.

The commands I pass to the expect script and its call are as follows:
SCRIPT='hostname > response.txt;netstat -rn;read net_card?"What is the network interface card number? " >> response.txt; read net_mask?"What is the subnet mask? " >> response.txt'

/usr/bin/expect ./expectssh.exp $hostip $usr $pswd "$SCRIPT"

Any suggestions on how I can pass a command to my expect script that requires user input without it hanging?

On a side note because I know it will come up - I am not allowed to do key-based automatic SSH login. I have to prompt for a username and password, which is done from my main shell script.

Thanks for any suggestions and help you can provide!

Hide Password Ftp With The Same User

Hi
I must connect to FTP to get some files occasionally. To do this I made a script.
The problem is that the user is generic and everyone at my work uses this user on the local host, and on the remote machine I must connect with my personal user, so they can see my password in the script.
Is there some way to avoid this?
Thanks, and sorry for my English.

Script

user="john bob randy susan"
I extracted local user list as: cat /etc/passwd | cut -d ":" -f1

Now I need to write a script to find the difference in users between these two (the users defined as above and the local users). I tried many ways; it's not working. Any help?

#!/bin/bash
users="john bob randy susan"
luser=`/bin/cat /etc/passwd | cut -d ":" -f1`
......
....


Thank you

How To Limit Maximum Number Of User Accounts

Is it possible to limit the maximum number of user accounts?

My kernel version is 2.6.32, so it can support 4 billion user accounts now.
But I hope to limit the quantity.

I believe there are some ways to fix this, but I can't find the solution by myself.