mr_bigmouth_502 wrote:
I figured I'd give this thread a quick bump.
Can someone give me a simple, step-by-step guide on how to set up an SSH server to be accessed over a local network? I don't want it to be accessible over the internet, just in my local 192.168.x.x subnet that only I have access to. The Arch wiki's tutorial is rather quite confusing, with all this stuff about key signing and whatnot. I'm thinking that once I get SSH set up, it should make it easier to set up things like VNC or RDP.
If you have a firewall and the host is on the LAN side, then you don't need to do much of anything.
If it has dual cards, one for WAN and one for LAN, then you can edit the "/etc/ssh/sshd_config" file with (suppose the address is 192.168.10.250)
ListenAddress 192.168.10.250
This will only listen on the LAN address and ignore all else.
If the host is on the internet and you want to only permit accesses from your local net, for purposes of discussion, assume that your net block is 23.72.0.0/13 (this is assigned to IBM) and your host address is 23.75.200.255, then you could edit the sshd_config file with
ListenAddress 23.75.200.255
Then use things like
PermitRootLogin no
Then use Match Address to permit the users you want:
Match Address 23.72.0.0/13
PermitRootLogin without-password
Banner /etc/ssh/banner-lan
PasswordAuthentication yes
You could also set firewall rules that restricted access to port 22 to only local addresses.
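Added example, not part of the posts above: a small Python check that reads an sshd_config and reports which settings apply to a connection from a given client address, plus any ListenAddress that is not a private address. It assumes bare-IP ListenAddress values and models only "Match Address" with CIDR lists; the function names are hypothetical, and the sample config is constructed from the directives in the reply with a global "PasswordAuthentication no" added for illustration.

```python
import ipaddress

# Constructed sample built from the directives quoted in the reply above.
SAMPLE = """\
ListenAddress 23.75.200.255
PermitRootLogin no
PasswordAuthentication no
Match Address 23.72.0.0/13
    PermitRootLogin without-password
    Banner /etc/ssh/banner-lan
    PasswordAuthentication yes
"""

def parse(text):
    """Split a config into global directives and (networks, directives) Match blocks."""
    global_opts, blocks, current = [], [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            crit, _, pattern = value.partition(" ")
            # Simplification: any criterion other than Address never matches here.
            nets = ([ipaddress.ip_network(p.strip(), strict=False) for p in pattern.split(",")]
                    if crit.lower() == "address" else [])
            current = []
            blocks.append((nets, current))
        elif current is not None:
            current.append((key, value))   # directive inside a Match block
        else:
            global_opts.append((key, value))
    return global_opts, blocks

def effective(text, client_ip):
    """Settings that apply to a connection from client_ip."""
    addr = ipaddress.ip_address(client_ip)
    global_opts, blocks = parse(text)
    result = {}
    # Matching blocks override the global section; the first value seen wins.
    for nets, opts in blocks:
        if any(addr in net for net in nets):
            for key, value in opts:
                result.setdefault(key, value)
    for key, value in global_opts:
        result.setdefault(key, value)
    return result

def public_listeners(text):
    """ListenAddress values that are not private addresses."""
    return [v for k, v in parse(text)[0]
            if k == "listenaddress" and not ipaddress.ip_address(v).is_private]
```

Running `sshd -T -C addr=<client address>,user=<user>` on the host itself prints the settings sshd resolves for that connection, which is the authoritative answer.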