Allow root login only for specific network range on FreeBSD

On FreeBSD, sshd root login is disabled by default. To allow root login only from a specific network range or host, add the following to /etc/ssh/sshd_config:

Match Address 192.168.0.*,172.16.0.1,172.16.0.2,172.16.*.*
        PermitRootLogin yes

The addresses are separated by commas, with no spaces between them (sshd reads the whole pattern list as a single argument), and I guess the asterisk is self-explanatory if you are into computing 😛

Restricted BASH on CentOS

How do you put a user into a restricted bash environment, for example so that shell access is used only for SSH tunneling? Here is a small howto:

First you need to create a symlink called "rbash", as it does not exist on CentOS/Fedora. If bash is invoked as rbash, it automatically becomes a restricted shell:

# ln -s /bin/bash /bin/rbash

Now open your passwd file, change the user's shell to rbash, and save. The line should then look like the following:

<USER>:x:<UID>:<GID>::<HOMEDIR>:/bin/rbash

The next step is to harden bash for that user so that they cannot execute any commands.

Open .bashrc in the user's home folder and change the "export PATH" line:

export PATH=~

This sets the path to the home folder. Now secure the file against further changes:

chown root:<myuser> .bashrc
chmod 640 .bashrc

That's it. Now test it; the logged-in user should not be able to execute any commands. More information about the restricted shell can be found here.

If you want the user to be able to execute specific commands, symlink them into their home folder:

# ln -s /bin/ping /home/<user>/ping
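
To check an account against the steps above after setting it up, here is an added audit script (not part of the original howto). The function name audit_rbash, the OWNER_UID variable and the use of GNU stat are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the original howto.
# audit_rbash <user> [passwd_file]: prints OK/FAIL lines, returns the FAIL count.
# Assumption: OWNER_UID (default 0 = root) is the uid that should own .bashrc.
audit_rbash() {
    local user="$1" passwd="${2:-/etc/passwd}" owner="${OWNER_UID:-0}"
    local entry home shell rc mode link target fails=0

    entry=$(grep "^${user}:" "$passwd") || { echo "FAIL no passwd entry for $user"; return 1; }
    home=$(echo "$entry" | cut -d: -f6)
    shell=$(echo "$entry" | cut -d: -f7)
    rc="$home/.bashrc"

    # Login shell must be the rbash symlink.
    if [ "$shell" = /bin/rbash ]; then echo "OK   login shell is $shell"
    else echo "FAIL login shell is $shell"; fails=$((fails + 1)); fi

    # .bashrc must pin PATH to the home directory (export PATH=~).
    if grep -Eq '^[[:space:]]*export PATH=(~|\$HOME)/?[[:space:]]*$' "$rc" 2>/dev/null
    then echo "OK   PATH pinned to home in $rc"
    else echo "FAIL $rc does not set 'export PATH=~'"; fails=$((fails + 1)); fi

    if [ -f "$rc" ]; then
        # Owner must be root (or OWNER_UID), as set by chown root:<myuser>.
        if [ "$(stat -c %u "$rc")" = "$owner" ]; then echo "OK   $rc owned by uid $owner"
        else echo "FAIL $rc not owned by uid $owner"; fails=$((fails + 1)); fi
        # chmod 640: no write bit for group or other.
        mode=$(stat -c %a "$rc")
        if [ $(( 0$mode & 022 )) -eq 0 ]; then echo "OK   $rc mode $mode"
        else echo "FAIL $rc mode $mode is group/other writable"; fails=$((fails + 1)); fi
    fi

    # Every symlink in the home directory is a command the user can run.
    # Only the link's immediate target is inspected here.
    for link in "$home"/*; do
        [ -L "$link" ] || continue
        target=$(readlink "$link")
        case "${target##*/}" in
            sh|bash|dash|ksh|zsh|csh|tcsh)
                echo "FAIL $link -> $target is an unrestricted shell"; fails=$((fails + 1)) ;;
            *)  echo "OK   allowed command: $link -> $target" ;;
        esac
    done
    return "$fails"
}

# Run only when called with arguments, e.g.: ./audit_rbash.sh <user>
if [ $# -gt 0 ]; then audit_rbash "$@"; fi
```

Run it as root so that it can read the user's .bashrc; a non-zero exit status is the number of failed checks.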

This article/howto is based on this one. Thanks for your work!