4.11.6. HOWTO Restrict Network Access to SSH
Like most SIMP modules, the SSH module utilizes a trusted_nets parameter to control access to the SSH service via both IPTables and TCPWrappers.
Since there is no way for the SIMP installation to successfully guess where you may be connecting from, or know about your particular network architecture, it defaults to allowing SSH connections from any host.
It is understandable that you may want to restrict this further. To do so, set ssh::server::conf::trusted_nets to an array of the networks or hosts from which you would like to connect.
Example: Set Trusted Nets to Alternate Networks via Hiera
```yaml
---
ssh::server::conf::trusted_nets:
  - 18.104.22.168
  - 10.1.2.0/24
  - 192.168.0.0/16
```
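One way to sanity-check such a Hiera value before it is deployed, shown as an added example that is not part of the SIMP documentation or the SSH module. The function names are hypothetical, and treating `ALL`, `0.0.0.0/0` and `::/0` as "any host" is an assumption of this check.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample: the Hiera data from the example on this page.
SAMPLE_HIERA = <<~HIERA
  ---
  ssh::server::conf::trusted_nets:
    - 18.104.22.168
    - 10.1.2.0/24
    - 192.168.0.0/16
HIERA
KEY = 'ssh::server::conf::trusted_nets'
# Assumption: these entries are treated as "any host" by this check.
OPEN_ENTRIES = %w[ALL 0.0.0.0/0 ::/0].freeze

# Return the trusted_nets entries from Hiera YAML text as strings.
def trusted_nets(hiera_text)
  data = YAML.safe_load(hiera_text) || {}
  Array(data[KEY]).map(&:to_s)
end

# Parse an entry as an address or CIDR; nil for hostnames or typos.
def parse_net(entry)
  IPAddr.new(entry)
rescue IPAddr::Error
  nil
end

# List entries that open SSH to everyone or that need manual review.
def audit(entries)
  return ['trusted_nets unset or empty: the module default applies'] if entries.empty?
  entries.filter_map do |e|
    if OPEN_ENTRIES.include?(e)
      "#{e}: allows any host"
    elsif parse_net(e).nil?
      "#{e}: not an IP address or CIDR, review by hand"
    end
  end
end

# True if client_ip matches an address or CIDR entry (hostnames are skipped).
def allowed?(entries, client_ip)
  ip = IPAddr.new(client_ip)
  entries.any? { |e| e == 'ALL' || parse_net(e)&.include?(ip) }
end

if __FILE__ == $PROGRAM_NAME
  nets = trusted_nets(SAMPLE_HIERA)
  puts "findings: #{audit(nets).inspect}, 10.1.2.7 allowed: #{allowed?(nets, '10.1.2.7')}"
end
```

Running `allowed?` against the address you administer the host from, before applying the change, helps avoid locking yourself out of SSH.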