Securing your server is critical to protecting your data and ensuring only authorized users can access it. One effective way to enhance your server’s security is to restrict SSH access to a specific IP address. This guide will show you how to configure your Ubuntu VPS to allow SSH connections only from a designated IP address.
In this example, we’ll configure the server to allow access only from the IP address 12.345.67.890 (a placeholder; substitute your own public IP address in every command below).
Why Restrict SSH Access?
By default, SSH allows connections from any IP address, which can expose your server to brute-force attacks or unauthorized access attempts. Restricting SSH to a specific IP:
• Reduces the attack surface.
• Adds an extra layer of security beyond password and key-based authentication.
Prerequisites
1. Ubuntu VPS: Ensure your server runs Ubuntu (any recent version).
2. Firewall (UFW): Make sure UFW (Uncomplicated Firewall) is installed and active.
3. Root or Sudo Access: You need administrative privileges to modify firewall and SSH settings.
Step 1: Configure the Firewall to Restrict SSH
The firewall acts as the first line of defense by blocking unauthorized traffic. Follow these steps:
1.1 Allow SSH Only from 12.345.67.890
Run the following command to allow SSH traffic from the specific IP:
sudo ufw allow from 12.345.67.890 to any port 22
1.2 Deny All Other SSH Traffic
Block SSH access from any other IP addresses:
sudo ufw deny 22
1.3 Enable and Reload the Firewall
If UFW is not already enabled, activate it:
sudo ufw enable
Then reload the firewall rules:
sudo ufw reload
1.4 Verify Firewall Rules
To confirm the rules are applied, check the UFW status:
sudo ufw status
You should see an entry like this:
To                         Action      From
--                         ------      ----
22                         ALLOW       12.345.67.890
22                         DENY        Anywhere
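UFW applies the first rule that matches, so the rules from Step 1 only work if no broader allow for port 22 sits above them and the deny does not come before the allow. The function below is an added example, not part of the original guide: `check_ssh_rules` is a hypothetical name, and it assumes the plain `sudo ufw status` layout shown above and an IPv4 allowed address.

```bash
#!/usr/bin/env bash
# Added example: audit `ufw status` output against the Step 1 rule set.
# Usage: sudo ufw status | check_ssh_rules 12.345.67.890
# Prints one line per problem; returns 0 only if SSH is limited to the given IP.

check_ssh_rules() {
  awk -v ip="$1" '
    {
      fam = ($0 ~ /\(v6\)/) ? 6 : 4   # IPv4 and IPv6 rules are matched separately
      gsub(/ *\(v6\)/, "")            # drop "(v6)" markers so the fields line up
    }
    # Rule rows are "<To> <Action> <From>"; SSH shows up as 22, 22/tcp or OpenSSH.
    $1 ~ /^(22(\/tcp)?|OpenSSH)$/ && NF >= 3 {
      if ($2 == "ALLOW" || $2 == "LIMIT") {
        if ($3 == ip) {
          # The allow only takes effect if no deny was listed before it.
          if (!denied[4]) ok = 1
        } else if (!denied[fam]) {
          print "FAIL: port 22 is also open to " $3
          bad = 1
        }
      } else if (($2 == "DENY" || $2 == "REJECT") && $3 == "Anywhere") {
        denied[fam] = 1
      }
    }
    END {
      if (!ok)        { print "FAIL: no effective allow rule for " ip; bad = 1 }
      if (!denied[4]) { print "FAIL: no deny rule for port 22 from other addresses"; bad = 1 }
      exit bad + 0
    }'
}
```

A common cause of the "also open to Anywhere" finding is an `OpenSSH` or `22/tcp` allow rule left over from the initial server setup; it has to be deleted for the restriction to take effect.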
Step 2: Configure SSH to Restrict Access
The next step is to add restrictions directly in the SSH server configuration.
2.1 Open the SSH Configuration File
Edit the sshd_config file:
sudo nano /etc/ssh/sshd_config
2.2 Add an IP-Based Restriction
Locate or add the AllowUsers directive and specify the allowed user and IP:
AllowUsers your-username@12.345.67.890
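Replace your-username with your actual SSH username. Once AllowUsers is set, sshd rejects every login that does not match one of its patterns, so list every account that needs SSH access.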
2.3 Disable Root Login (Optional but Recommended)
For added security, ensure root login is disabled by checking or adding the following line:
PermitRootLogin no
2.4 Restart the SSH Service
Apply the changes by restarting the SSH service (on Ubuntu the unit is named ssh):
sudo systemctl restart ssh
Step 3: Test Your Configuration
It’s crucial to verify that your setup works as expected.
3.1 Test from the Allowed IP
From the IP address 12.345.67.890, attempt to connect to the server:
ssh your-username@your-vps-ip
3.2 Test from Another IP
Try connecting from a different IP address. The connection should be denied.
Troubleshooting
1. Locked Out?
If you accidentally lock yourself out, use a console or rescue mode provided by your VPS hosting provider to revert the changes.
2. Dynamic IP Address?
If your IP changes frequently, consider using a VPN or dynamic DNS service to create a fixed endpoint.
Conclusion
By combining firewall rules and SSH configuration, you create a layered security system that significantly reduces the risk of unauthorized SSH access. These steps ensure that only trusted IPs can connect to your server, providing a secure environment for your applications and data.
Have Questions?
Let me know in the comments if you need clarification or further help!
Feel free to share this guide with others looking to secure their VPS. Happy coding! 🚀