Restrict SSH to one interface

--------------------------------------------------
Rise to the top 3% as a developer or hire one of them at Toptal: https://topt.al/25cXVn
--------------------------------------------------

Music by Eric Matyas
https://www.soundimage.org
Track title: Mysterious Puzzle

--

Chapters
00:00 Restrict Ssh To One Interface
00:39 Accepted Answer Score 15
01:10 Answer 2 Score 2
01:46 Thank you

--

Full question
https://superuser.com/questions/376609/r...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#ubuntu #ssh #sshd #networkinterface

#avk47

ACCEPTED ANSWER

Score 15

In the following file:

 /etc/ssh/sshd_config

You'll see a line like:

#ListenAddress 0.0.0.0

This is commented out, but is the default, to list on all IP addresses for ssh requests. You can change this so that it is the IP address of the interface you want to accept connections on, and so only that IP address will accept ssh connections:

ListenAddress 111.222.111.222

Restart the sshd service once changed.

ANSWER 2

Score 2

Try installing a firewall and only allow SSH on one interface. My preferences is Shorewall which is an installable package on Ubuntu. You will need to configure it before it will start, but it is well documented and comes with several example configurations.

I use a mostly closed firewall with only the ports required open. If all you want to do is limit the interface SSH is allowed on you can use a REJECT or DROP action for ssh on the other interfaces. I would suggest if you are building a firewall you at least limit access on Internet facing interfaces.