5.1.7. HOWTO Restrict Network Access to SSHΒΆ
Like most SIMP modules, the SSH module utilizes a trusted_nets
parameter to control access
to the SSH service via both IPTables and TCPWrappers.
Since there is no way for the SIMP installation to successfully guess where you may be connecting from, or know about your particular network architecture, it defaults to allowing SSH connections from any host.
It is understandable that you may want to restrict this further. To do so, you
simply need to set the ssh::server::conf::trusted_nets
to an Array
of
networks or hosts from which you would like to connect.
Example: Set Trusted Nets to Alternate Networks via Hiera
---
ssh::server::conf::trusted_nets :
- 1.2.3.4
- 10.1.2.0/24
- 192.168.0.0/16
You can find more information on trusted_nets
in the
Installation Variables in the Advanced Configuration
section of the SIMP Getting Started Guide.