We would be honored if you visited our blog Visit the GSW Forums and read/post/reply to topics and questionsView GSW Training Videos on Team Services
Thanks for viewing information about Georgia SoftWorks Security Questions
UTS - Security - Restrict Access Based on IP Address  
You are viewing UTS Security Questions    
Our News

2017 at GSW

View our Updated Forums

Connect with GSW

Stay current with GSW by connecting with us through our blog and our social media pages.





GUI Config Tool

GSW Telnet Server GUI Configuration Tool

Windows Explorer style interface allowing provisioning and configuration management. Familiar to use operations such as copy, paste, rename, delete, export, import are applied to configurations on a user or system basis. Create templates and quickly view summary configuration data.

TEAM SERVICES  provides your mobile device users a breakthrough in Telnet/SSH2 technology that shatters all prior usability and efficiency standards by allowing unprecedented user collaboration.  Now mobile device users are empowered to share resources, transfer, swap, share and recover dropped sessions. All from the mobile device, no system administrator necessary. All operations can be performed in under 60 seconds.

Video Overviews

Team Services  the first feature set to offer Video overviews. We are excited to provide additional methods to meet customer expectations. Visit the GSW Video Channel!

Request a Webinar

Want to know more about UTS, RC MDMS or GSWBrowse? Request a Webinar. Give us a call or use our contact form and request a webinar.

Privacy Policy - Terms of Use

 

Restrict Connection based on IP Address

Examples: IP Restriction: Restrict certain Hosts from connecting
Examples: IP Restriction: Only Allow certain Hosts to connect

 

The system administrator may optionally restrict connections via telnet based upon the Host IP address. Remote access may be limited only to specific IP addresses. The system administrator may also restrict specific IP addresses from connecting via SSH2/Telnet.

Restrictions based on IP address are enforced when the file thosts exists. The IP addresses of interest are listed in the thosts file. In short, only IP addresses listed in the thosts file are allowed to connect via telnet/SSH2. The provision also exists to exclude specific IP addresses from connecting via SSH2/Telnet. A keyword [Exclude] is used that indicates all IP Addresses listed in the file should be excluded from logon via SSH2/Telnet.

How to set up Host IP Address Restriction

You must create the file

  • thosts

The file must reside in the Georgia SoftWorks Universal Terminal Server installation directory. The directive [EXCLUDE] indicates if the IP Addresses should be excluded from connection.

Note: The system account must have permission to read the thosts file.

The rules are simple for setting up the thosts file.

The # character is the comment character.

[EXCLUDE] directive placed in the 1st line will force the interpretation as the exclusion file, other wise only IP addresses listed are allowed.

Data after the IP address is ignored and therefore can be used for additional comment data.

Following are example thosts files.

Example 1: IP Restrict certain Hosts from connecting

Bill and Tom have machines that are in a public location and are not secure. The system administrator does not want to allow SSH2/Telnet access from those machines. However Bill and Tom have other machines that need SSH2/Telnet access to the server. This is how to set up the thosts file to exclude those particular machines.

Information needed:

  • IP address of Bill's machine: 198.68.20.21
  • IP address of Tom's machine: 198.68.22.25

Edit the file thosts and add the following lines:

[EXCLUDE]

# Here is the list of hosts that are not allowed to log in via SSH2/Telnet

198.68.20.21 Bob's machine

198.68.22.25 Tom's machine

Now let's look at the contents of the file

The [EXCLUDE] directive specifies that all IP addresses in the thosts file are not allowed to connect via telnet

The next line is a comment reminding the System Administrator that the following Host IP addresses will not be allowed to connect via SSH2/Telnet

Next is the list of Host IP addresses to exclude. The list can be as long as you desire.

Example 2: IP Restriction: Only allow certain Hosts to connect

ACME Accounting has 3 remote locations. For the machines at each location there may be dozens of different users that may be connecting at different times of the day. The system administrator only wants to allow SSH2/Telnet connections from the 3 remote locations.

However the ACME remote Location 3 office is temporally closed and is under remodeling. Therefore the system administrator want to easily comment remove them from the "allowed" list and quickly add them back as soon as the office reopens

Information needed:

  • IP address of ACME accounting location 1 machine: 198.68.35.21
  • IP address of ACME accounting location 2 machines:198.68.35.25
  • IP address of ACME accounting location 3 machines:198.68.35.26

Edit the file thosts and add the following lines:

# Here is the list of hosts that are allowed to log in via SSH2/Telnet

#

198.68.35.21 ACME accounting location 1 machine

198.68.35.25 ACME accounting location 2 machine

#Let's not allow location 3 until the office repoens.

#198.68.35.26 ACME accounting location 3 machine

#

 
Share it!    Bookmark  GSW Security: Restrict or allow based on IP Address at Delicious Digg GSW Security: Restrict or allow based on IP Address Share GSW Security: Restrict or allow based on IP Address with your Twitter followers Share GSW Security: Restrict or allow based on IP Address at StumbleUpon Add GSW Security: Restrict or allow based on IP Address to your Technorati favorites Share GSW Security: Restrict or allow based on IP Address on Facebook Share GSW Security: Restrict or allow based on IP Address on Blinklist Share GSW Security: Restrict or allow based on IP Address on Diigo Share GSW Security: Restrict or allow based on IP Address on Reddit Share GSW Security: Restrict or allow based on IP Address on Linked In Seed the vine with GSW Security: Restrict or allow based on IP Address