sshd_config ListenAddress syntax for multiple IP's

Greetings everyone,
I'm setting up jails in FreeBSD4.10 stable, and the question of sshd
has come up. I want to disable listening on certain host IP's, so that
sshd running in various jails listen on those IP's instead.

The host machine has 5 IP's, and I want to stop the host sshd from
listening on 2 (the number of jails that are set up). Thus, since in
sshd_config if ListenAddress is left at, the host listens on
*all* IP's...whether 5 or 50. It seems then that I must specify *only*
the IP's that the host may listen on.

I need to know the syntax for specifying multiple IP's (as opposed to
a range, since the list isn't contiguous as you can see in my example
below) for "ListenAddress" in sshd_config. This has to be right, since
if I screw it up I'll lock myself and other admins out of a box which
is 3000 miles away! (-:

Is it:,,

or is it:

OR is it:

OR - is it some *other* syntax?

(I'm using private IP examples instead of the actual IP's I have on
the box, please excuse the necessary confidentiality, since this is a
newsgroup) RTFM up 'til now hasn't produced any meaningful results.
I've actually seen the question asked a couple of times while
Googling, but thus far no answer(s) have revealed themselves while
searching. I've been diligent, but drew blanks, hence turning to this
group finally for help. Believe this, I did really try to find the
answer myself first. :)

Hoping this post makes sense, and also - of course - Thanks In
Anticipation for knowledgeable help or guidance.

Kind Regards to one and all,

Re: sshd_config ListenAddress syntax for multiple IP's (Colin Raven) writes:
You could try it out on some more local box... - plus if you just kill
-HUP the daemon, it won't affect established sessions.


Strange, I found the ListenAddress entry in sshd_config(5) to be pretty
crystal clear...

             Specifies the local addresses sshd should listen on.  The follow-
             ing forms may be used:

                   ListenAddress host|IPv4_addr|IPv6_addr
                   ListenAddress host|IPv4_addr:port
                   ListenAddress [host|IPv6_addr]:port

This rules out your alternate suggestions (i.e. only one address

             If port is not specified, sshd will listen on the address and all
             prior Port options specified.  The default is to listen on all
             local addresses.  Multiple ListenAddress options are permitted.

And this says to repeat the option.

--Per Hedeland
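
Added example, not part of the thread: a pre-reload check that reads an sshd_config, applies the manual page wording quoted above (one address per ListenAddress line, the option repeated, a port-less address taking all prior Port options), and reports whether the host sshd would still claim a jail address or drop an admin address. The addresses, the sample config, the function names and the default of port 22 when no Port line precedes are assumptions made for illustration.

```python
# Constructed sample; the addresses are placeholders, not the poster's.
SAMPLE = """\
Port 22
ListenAddress 192.168.1.10
Port 2222
ListenAddress 192.168.1.12
ListenAddress 192.168.1.14:22
"""
JAILS = ["192.168.1.11", "192.168.1.13"]   # hypothetical jail addresses
DEFAULT_PORT = 22  # assumption: applies when no Port line precedes

def split_listen(value):
    """Split one ListenAddress argument into (host, port or None)."""
    if value.startswith("["):                  # [host|IPv6_addr]:port
        host, _, rest = value[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                  # host|IPv4_addr:port
        host, port = value.split(":")
        return host, int(port)
    return value, None                         # bare host, IPv4 or IPv6

def effective_listeners(text):
    """Return the (host, port) pairs the config asks sshd to bind."""
    ports, listeners = [], set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1]
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            host, port = split_listen(value)
            # Without an explicit port, the address gets every prior Port.
            for p in ([port] if port else ports or [DEFAULT_PORT]):
                listeners.add((host, p))
    return listeners

def check(text, must_listen, must_not_listen):
    """Return a list of problems; an empty list means nothing was found."""
    hosts = {h for h, _ in effective_listeners(text)}
    if not hosts or hosts & {"0.0.0.0", "::"}:
        return ["wildcard bind: host sshd would also claim the jail addresses"]
    bad = [f"still bound to jail address {a}" for a in must_not_listen if a in hosts]
    bad += [f"admin address {a} missing" for a in must_listen if a not in hosts]
    return bad

if __name__ == "__main__":
    print(sorted(effective_listeners(SAMPLE)))
    print(check(SAMPLE, ["192.168.1.10"], JAILS) or "ok")
```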