Secure Your Ubuntu VPS: Restrict SSH Access to a Specific IP

Published at: 12/23/2024
Categories: vps, ubuntu, ssh, selfhosted
Author: rajeshkumaryadavdotcom

Securing your server is critical to protecting your data and ensuring only authorized users can access it. One effective way to enhance your server’s security is to restrict SSH access to a specific IP address. This guide will show you how to configure your Ubuntu VPS to allow SSH connections only from a designated IP address.

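In this example, we’ll configure the server to allow access only from the IP address 12.345.67.890. This is a placeholder rather than a valid IPv4 address, so replace it with your own public IP in every command below.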

Why Restrict SSH Access?

By default, SSH allows connections from any IP address, which can expose your server to brute-force attacks or unauthorized access attempts. Restricting SSH to a specific IP:

• Reduces attack surface.
• Adds an extra layer of security beyond password and key-based authentication.

Prerequisites

1. Ubuntu VPS: Ensure your server runs Ubuntu (any recent version).
2. Firewall (UFW): Make sure UFW (Uncomplicated Firewall) is installed and active.
3. Root or Sudo Access: You need administrative privileges to modify firewall and SSH settings.

Step 1: Configure the Firewall to Restrict SSH

The firewall acts as the first line of defense by blocking unauthorized traffic. Follow these steps:

1.1 Allow SSH Only from 12.345.67.890

Run the following command to allow SSH traffic from the specific IP:

sudo ufw allow from 12.345.67.890 to any port 22

1.2 Deny All Other SSH Traffic

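Block SSH access from all other IP addresses. UFW applies the first rule that matches, so this deny rule must be added after the allow rule from step 1.1: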

sudo ufw deny 22

1.3 Enable and Reload the Firewall

If UFW is not already enabled, activate it:

sudo ufw enable

Then reload the firewall rules:

sudo ufw reload

1.4 Verify Firewall Rules

To confirm the rules are applied, check the UFW status:

sudo ufw status

You should see an entry like this:

To                         Action      From
--                         ------      ----
22                         ALLOW       12.345.67.890
22                         DENY        Anywhere
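
UFW evaluates rules in order and stops at the first match, so the listing above only restricts SSH if no broader allow rule sits above the DENY. The check below is an added example, not part of the original article: audit_ssh_rules is a hypothetical helper, and the sample listings and the address 203.0.113.10 are constructed.

```shell
# Added example: audit `ufw status` text for the SSH restriction from Step 1.
# UFW applies the first matching rule, so a leftover "allow OpenSSH" or
# "allow 22/tcp" listed above the DENY keeps port 22 open to every source.

# audit_ssh_rules ALLOWED_IP   (reads `ufw status` output on stdin)
# Prints restricted | exposed | lockout-risk; assumes default incoming = deny.
audit_ssh_rules() {
  awk -v ip="$1" '
    {
      # Locate the Action column: "To" is left of it, "From" right of it.
      act = 0
      for (i = 1; i <= NF; i++)
        if ($i ~ /^(ALLOW|DENY|REJECT|LIMIT)$/) { act = i; break }
      if (!act || $1 !~ /^(22|22\/tcp|OpenSSH)$/) next
      from = $(act + 1)
      if (from ~ /^(IN|OUT)$/) from = $(act + 2)
      fam = ($0 ~ /\(v6\)/) ? "v6" : "v4"
      # The allow rule only helps if no Anywhere rule was matched before it.
      if (from == ip && $act == "ALLOW" && !(fam in first)) allowed = 1
      # For every other source, the first Anywhere rule per family decides.
      if (from == "Anywhere" && !(fam in first)) first[fam] = $act
    }
    END {
      for (f in first)
        if (first[f] == "ALLOW" || first[f] == "LIMIT") { print "exposed"; exit }
      print (allowed ? "restricted" : "lockout-risk")
    }'
}

# Constructed sample: the rule set this guide produces. 203.0.113.10 is a
# documentation address standing in for your own IP.
GOOD_STATUS='Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       203.0.113.10
22                         DENY        Anywhere
22 (v6)                    DENY        Anywhere (v6)'

# Constructed sample: an older "ufw allow OpenSSH" rule sits above the DENY.
SHADOWED_STATUS='To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
22                         ALLOW       203.0.113.10
22                         DENY        Anywhere'

printf '%s\n' "$GOOD_STATUS"     | audit_ssh_rules 203.0.113.10   # restricted
printf '%s\n' "$SHADOWED_STATUS" | audit_ssh_rules 203.0.113.10   # exposed
```

On a live server, feed it the real listing with `sudo ufw status | audit_ssh_rules YOUR_IP`.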

Step 2: Configure SSH to Restrict Access

The next step is to add restrictions directly in the SSH server configuration.

2.1 Open the SSH Configuration File

Edit the sshd_config file:

sudo nano /etc/ssh/sshd_config

2.2 Add an IP-Based Restriction

Locate or add the AllowUsers directive and specify the allowed user and IP. Once AllowUsers is set, sshd rejects every user that does not match one of its patterns:

AllowUsers your-username@12.345.67.890

Replace your-username with your actual SSH username.

2.3 Disable Root Login (Optional but Recommended)

For added security, ensure root login is disabled by checking or adding the following line:

PermitRootLogin no

2.4 Restart the SSH Service

Apply the changes by restarting the SSH service. On Ubuntu the systemd unit is named ssh:

sudo systemctl restart ssh
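
`sudo sshd -T` checks the configuration files on disk and prints the values sshd would actually use, so the Step 2 settings can be verified before the restart. The check below is an added example, not part of the original article: audit_sshd is a hypothetical helper, and the sample output, the user names and the address 203.0.113.10 are constructed.

```shell
# Added example: audit the effective sshd settings from Step 2.
# `sshd -T` prints keywords in lower case, one setting per line, after
# resolving files pulled in from /etc/ssh/sshd_config.d/.

# audit_sshd ALLOWED_IP   (reads `sshd -T` output on stdin)
# Prints one line per check, each starting with OK or FAIL.
audit_sshd() {
  awk -v ip="$1" '
    $1 == "allowusers" {
      for (i = 2; i <= NF; i++) {
        seen = 1
        # A pattern must be USER@HOST with HOST equal to the allowed IP;
        # a bare user name or a wildcard host admits other sources.
        n = split($i, part, "@")
        if (n != 2 || part[2] != ip) loose = loose " " $i
      }
    }
    $1 == "permitrootlogin" { root = $2 }
    END {
      if (!seen)      print "FAIL allowusers: not set"
      else if (loose) print "FAIL allowusers: not pinned to " ip ":" loose
      else            print "OK allowusers"
      verdict = (root == "no") ? "OK" : "FAIL"
      print verdict " permitrootlogin: " root
    }'
}

# Constructed sample: effective settings after following Step 2.
GOOD_SSHD='port 22
permitrootlogin no
allowusers alice@203.0.113.10'

# Constructed sample: one AllowUsers entry has no @host part, and root
# login is still on its key-only default instead of "no".
LOOSE_SSHD='port 22
permitrootlogin without-password
allowusers alice@203.0.113.10
allowusers deploy'

printf '%s\n' "$GOOD_SSHD"  | audit_sshd 203.0.113.10
printf '%s\n' "$LOOSE_SSHD" | audit_sshd 203.0.113.10
```

On a live server, run `sudo sshd -T | audit_sshd YOUR_IP`; a syntax error in sshd_config makes `sshd -T` fail before anything is restarted.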

Step 3: Test Your Configuration

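It’s crucial to verify that your setup works as expected. Keep your existing SSH session open while you test, so you can revert the changes if the new rules lock you out.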

3.1 Test from the Allowed IP

From the IP address 12.345.67.890, attempt to connect to the server:

ssh your-username@your-vps-ip

3.2 Test from Another IP

Try connecting from a different IP address. The connection should be denied.

Troubleshooting

1. Locked Out?
   If you accidentally lock yourself out, use a console or rescue mode provided by your VPS hosting provider to revert the changes.
2. Dynamic IP Address?
   If your IP changes frequently, consider using a VPN or dynamic DNS service to create a fixed endpoint.

Conclusion

By combining firewall rules and SSH configuration, you create a layered security system that significantly reduces the risk of unauthorized SSH access. These steps ensure that only trusted IPs can connect to your server, providing a secure environment for your applications and data.

Have Questions?

Let me know in the comments if you need clarification or further help!

Feel free to share this guide with others looking to secure their VPS. Happy coding! 🚀
