Make sshd listen to a specific interface


You can't do that directly as sshd only understands IP addresses. You may be able to knock something together using an openvpn up script

--up cmd: Shell command to run after successful TUN/TAP device open (pre --user UID change). The up script is useful for specifying route commands which route IP traffic destined for private subnets which exist at the other end of the VPN connection into the tunnel...

See also the --down option to clean up and the relevant parts of the documentation detailing script security etc.

You'll find the IP address of the tun device is passed to the script as an environment variable. Also sshd takes options on the command line of the form

-oSomeOption=SomeValue

-o option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. For full details of the options, and their values, see sshd_config(5)

So you could use

-o ListenAddress=<some address>

Presumably you have some out of band method of talking to your VPS so that when this breaks you can contact the server.
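To make the answer concrete, here is an added example of such an up/down script (it is not the answer's own code and not from the OpenVPN or OpenSSH projects). It relies on OpenVPN exporting ifconfig_local and dev to the script, as the comments below confirm, and on script_type being set to "up" or "down", which is assumed from the OpenVPN documentation. The sshd path /usr/sbin/sshd, the PidFile location under /run, and the assumption that no other sshd is already bound to 0.0.0.0:22 are all mine. Because the tunnel address ends up on a root command line (the up script runs before the --user privilege drop), the script refuses to start sshd unless the value is a plain dotted-quad IPv4 address.

```shell
#!/bin/sh
# OpenVPN --up/--down script (added example). Invoke with:
#   openvpn --script-security 2 --up /etc/openvpn/sshd-on-tun.sh \
#           --down /etc/openvpn/sshd-on-tun.sh ...
# OpenVPN exports ifconfig_local (the tun IP), dev (e.g. tun0) and
# script_type (up/down) into this script's environment (assumed).

# Accept only a dotted-quad IPv4 address: digits and dots, four fields,
# each 0-255. Anything else (including shell metacharacters) is rejected.
is_ipv4() {
    addr=$1
    case "$addr" in
        *[!0-9.]*|''|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS='.'
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the sshd command line for the tunnel address and device.
# Printed rather than executed so the caller (and tests) can inspect it.
# Path and PidFile location are assumptions for this example.
sshd_listen_cmd() {
    addr=$1
    dev_name=$2
    is_ipv4 "$addr" || {
        echo "refusing to start sshd: bad tun address '$addr'" >&2
        return 1
    }
    case "$dev_name" in
        *[!a-zA-Z0-9_-]*|'') echo "bad device name '$dev_name'" >&2; return 1 ;;
    esac
    printf '/usr/sbin/sshd -o ListenAddress=%s -o PidFile=/run/sshd-%s.pid\n' \
        "$addr" "$dev_name"
}

# Only act when OpenVPN is driving us; sourcing the file does nothing.
case "${script_type:-}" in
    up)
        cmd=$(sshd_listen_cmd "${ifconfig_local:-}" "${dev:-}") || exit 1
        $cmd
        ;;
    down)
        # Tear down the sshd that was bound to the now-vanishing address.
        [ -r "/run/sshd-${dev:-none}.pid" ] && kill "$(cat "/run/sshd-${dev}.pid")" 2>/dev/null
        ;;
esac
```

A per-device PidFile lets the down script stop exactly the instance it started; if the host also runs a system sshd on all addresses, that one still answers on every interface, so it has to be disabled or restricted separately.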


Philipp

Updated on September 18, 2022

Comments

  • Philipp
    Philipp over 1 year

    On my machine I'm using OpenVPN, which uses the tun0 interface. I want sshd to listen only on this interface.

    I know, I can specify the IP address to listen to in

    /etc/ssh/sshd_config
    

    with a

    ListenAddress 0.0.0.0
    

    directive. But my IP address will change, so I cannot choose an IP here which is always valid. I know that I can start the daemon only when the VPN is up; that's not the problem.

    How can I make sshd only listen on a specific interface (tun0)?

    • Admin
      Admin almost 10 years
      Firewall off port 22 on any ports that are not tun0?
  • pjz
    pjz almost 10 years
    Try: -o ListenAddress=$(ip addr | awk '/inet/ && /tun0/{sub(/\/.*$/,"",$2); print $2}')
  • user9517
    user9517 almost 10 years
    @pjz I don't think you need to do that as I'm fairly sure that the IP address of the device is available as an environment variable to the up script. I just don't have the stuff to hand to test it.
  • Philipp
    Philipp almost 10 years
    Excellent! The IP is passed to the up script as ifconfig_local=10.xx.xx.xx. A whole bunch of other data (dev_type=tun, common_name=myservername, ifconfig_remote, route_gateway_1, untrusted_ip, ifconfig_local, proto_1, tls_serial_1, tls_serial_0 ...) are passed along.
  • user9517
    user9517 almost 10 years
    Yes I know and now you do too :)
  • Philipp
    Philipp almost 10 years
    Maybe you want to edit your answer and add the relevant env variable name? (for future readers)