Your browser does not allow storing cookies. We recommend enabling them.

Tectia

Restricting Connections

Tectia Server can be configured to reject connection attempts from unknown hosts. For example the following allows connections only from the internal network 10.1.0.0/8 IP addresses and from an external host with the IP address 195.20.116.1:

<connections>
  <connection action="allow">
    <selector>
      <ip address="10.1.0.0/8" />
      <ip address="195.20.116.1" />
    </selector>
  </connection>
  <connection action="deny" />
</connections>

Using the Tectia Server Configuration GUI, the same settings can be made under the Connections and Encryption page, on the Selectors tab. See Editing Connection Rules.

For information on the selectors, see Using Selectors in Configuration File.

On systems with several network interfaces, Tectia Server can also be bound to a specific network interface so that the server can be only accessed from the intended network. For example, the following will bind the listener to address 10.1.60.25 using the Secure Shell default port 22:

<params>
  <listener id="intranet" address="10.1.60.25" />
  ...
</params>

Using the Tectia Server Configuration GUI, this can be set on the Network page. See Network.


 

 
Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more