I've been having issues with OMV, and in hunting down the cause, I've been needing to use SSH quite a bit. When the issue appears, I enable SSH, connect with an Android version of PuTTY, and figure out what's going on.
Enabling SSH every time is taking quite a bit of time, so I'm looking for a method where I can leave it on, without any security risk. Is there a way to set SSH to only respond to a specific MAC address?
Safe local network SSH
- OMV 2.x
- solved
- vomov
-
Is there a way to set SSH to only respond to a specific MAC address?
You can do it, but it'll only work in the local network. The MAC source address doesn't travel through the internet.
When the issue appears, I enable SSH, connect with an Android version of PuTTY, and figure out what's going on.
Leave it on all the time and use public key authentication; read the guide here: [GUIDE] Enable SSH with Public Key Authentication (Securing remote webUI access to OMV)
-
I only access it through the local network, so that should be fine.
But upon reading the guide you posted, I might try to set that up. Thanks!
-
It is easiest to just create a firewall rule that limits the source for ssh connections to your LAN (e.g. 192.168.1.0/24 for source).
-
Ah; I forgot OMV had a built-in firewall. I'll go mess with that for a bit, thanks!
-
You can look at example rules here on my post:
Help setting up firewall (iptables)
The shellinabox rule limits to local access.
-
-
I've set up a rule (based on 'reject', with ! before the IP address), which works well; my PC can access OMV, other devices can't. At the same time, other traffic is unimpeded. The content on the thread you posted is quite helpful, thanks!
Question: is it possible to put something that behaves like an 'OR' in the source (let's say 192.168.68 to .76 require access, as well as .81, while other IPs are to)?
You can do a range of sequential IPs. This firewall is limited. I think you would just have to enter 2 rules.
-
I've given my devices (PC, drag-around-tablet) fixed IPs, and set up a range. It's not too limited for my uses! Thanks for your help!
-
-
Yeah, that is best if you want one rule....
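The "range plus one extra address" case asked about above, written as plain iptables rules rather than through the OMV firewall page. This is an added example, not something posted in the thread; the chain name SSH_ALLOW and all addresses are constructed, assuming a 192.168.1.0/24 LAN.

```shell
#!/bin/sh
# Added example: print iptables commands that allow SSH (tcp/22) only from
# the listed sources and reject every other source. Nothing is applied here;
# review the output, then run it as root.
# Assumptions: chain name SSH_ALLOW and all addresses are constructed.

is_ipv4() {
    # Accept a dotted quad where every octet is a number from 0 to 255.
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

ssh_rules() {
    # Each argument is one address (a.b.c.d) or one range (a.b.c.d-e.f.g.h).
    out="iptables -N SSH_ALLOW"
    for src in "$@"; do
        case "$src" in
            *-*)
                lo=${src%-*}; hi=${src#*-}
                is_ipv4 "$lo" && is_ipv4 "$hi" || { echo "bad range: $src" >&2; return 1; }
                out="$out
iptables -A SSH_ALLOW -m iprange --src-range $lo-$hi -j ACCEPT" ;;
            *)
                is_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
                out="$out
iptables -A SSH_ALLOW -s $src -j ACCEPT" ;;
        esac
    done
    # Sources matching none of the ACCEPT rules fall through to this REJECT.
    # The jump from INPUT is added last, so the chain is complete before use.
    out="$out
iptables -A SSH_ALLOW -j REJECT --reject-with icmp-port-unreachable
iptables -I INPUT -p tcp --dport 22 -j SSH_ALLOW"
    printf '%s\n' "$out"
}

# Constructed sources: a range of fixed-IP devices plus one extra host.
ssh_rules 192.168.1.68-192.168.1.76 192.168.1.81
```

The address of the machine you are connected from must be in the list before the rules are applied, or the current session is cut off. iptables filters IPv4 only; if sshd also listens on IPv6, ip6tables needs its own rules.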