Whitelist IP addresses based on SSH origin

Aug 13, 2016 17:53 · 85 words · 1 minute read

Here is how you create a list of IP addresses, to be used with NGINX, based on successful ssh connections.

$ cat /usr/bin/auth-list.sh


# Make sure that we don't add it more than once.
if ! grep -q $PAM_RHOST $WHITELIST; then
    echo allow $PAM_RHOST\; >> $WHITELIST

$ cat /etc/pam.d/sshd

session optional pam_exec.so seteuid /usr/bin/auth-list.sh

Login via ssh and it will add your external IP address to the list.

$ cat /etc/nginx/conf/whitelist.conf


Reload NGINX for it to take affect.