I bought a static IP from my provider and decided to allow SSH access from this IP only. The advantages are obvious: no one except me can connect to the server via SSH, no one can guess passwords, and fail2ban becomes unnecessary. :) In short, a static IP brings nothing but advantages.
Method one: specify the allowed IP in the /etc/hosts.allow file. Add the following line to it:
SSHD: 127.0.0.1
Replace 127.0.0.1 with your IP address.
Then open /etc/hosts.deny and add:
SSHD: ALL
Now restart ssh with the service ssh restart command.
Method two: restrict access by IP using iptables.
If your firewall is open, you need to allow access only from your IP and close it for everyone else. Replace 127.0.0.1 with your IP.
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
If the firewall is closed, you only need to allow access for yourself.
iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
In both cases, replace 127.0.0.1 with your IP.
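A guard against locking yourself out with the iptables rules above, as an added example that is not part of the original post: it prints the two rules for an open firewall only when the address is valid IPv4 and matches the source of your current SSH session. The function names are hypothetical; review the printed rules before running them as root.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Client address of the current SSH session: the first field of
# SSH_CONNECTION, which sshd sets. Empty when not logged in over SSH.
ssh_client_ip() {
    conn=${SSH_CONNECTION:-}
    printf '%s\n' "${conn%% *}"
}

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the post's two rules for an open firewall (SSH from $1 only).
# Returns 1 for a malformed address, 2 when the current SSH session comes
# from a different address, since appending the DROP rule would then lock
# you out of new connections.
ssh_allow_rules() {
    allowed=$1
    if ! is_ipv4 "$allowed"; then
        echo "not an IPv4 address: $allowed" >&2
        return 1
    fi
    current=$(ssh_client_ip)
    if [ -n "$current" ] && [ "$current" != "$allowed" ]; then
        echo "connected from $current, not $allowed: refusing" >&2
        return 2
    fi
    echo "iptables -A INPUT -s $allowed -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 22 -j DROP"
}
```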
:-x When I had ASPLinux installed, it worked; now I have installed CentOS and it does not work.
Apparently, CentOS works somehow differently. This was written as it is done in Debian.
Unbelievable, but it is a fact
Before that, I edited the files via sshd
It made no difference
I went to the server LOCALLY, under X, and edited the file again
Outcome: everything WORKED
Miracles do happen
Well, this can only be explained by the fact that the new parameters were not applied to the current connection. For new connections it should have worked.
But will it work like this?
1.SSHD: 127.0.*.*
No. Rather, 127.0.0.1/8.
I just added 127.0.*.* in ssh
It works, in CentOS.
nano /etc/apache2/conf-enabled/phpmyadmin.conf
Insert:
Order deny,allow
deny from all
# Space-separated list of IPs from which access is allowed
Allow from 192.168.88.1
What to do if un changed? How to get access in this case?
In the iptables rule, the word accept must be in capital letters; the variant you wrote gives an error (Couldn't load target `accept': No such file or directory)