Dump the code

SSH: Restricting access based on IP addresses

Created 8 months ago
Posted By admin
Restricting access based on IP addresses is a common security practice to control which computers or networks are allowed to connect to a particular service. In the context of SSH, you can restrict access to your server by specifying the IP addresses or IP ranges that are allowed to connect. Here are the general steps to achieve this:

1. Edit SSH configuration file:
Open the SSH server configuration file on your server. The location of the configuration file can vary depending on your Linux distribution, but it is often found at `/etc/ssh/sshd_config`. Use a text editor to edit the file:

```
sudo nano /etc/ssh/sshd_config
```

2. Allow only specific IP addresses:
Look for the AllowUsers or AllowGroups directive in the configuration file. If it doesn't exist, add it. Specify the allowed user and IP address or range. The `user@host` form is accepted by `AllowUsers` only; `AllowGroups` takes group names without a host part. For example, to allow connections only from the IP address 192.168.1.100 for the user john:

```
AllowUsers john@192.168.1.100
```

You can also specify multiple users and IP addresses or ranges:

```
AllowUsers <user1>@<address-or-range-1> <user2>@<address-or-range-2>
```

3. Allow specific IP range:
If you want to allow a range of IP addresses, you can use CIDR notation. For example, to allow connections from the entire 192.168.1.0/24 subnet:

```
AllowUsers john@192.168.1.0/24
```

4. Reload SSH service:
After making changes to the SSH configuration file, save the file and reload the SSH service to apply the changes:

```
sudo service ssh reload
```

5. Testing:
Test the SSH access to ensure that the changes are effective. Try connecting from the allowed IP address:

```
ssh user@your-server-ip
```

Replace user with your username and your-server-ip with the IP address of your server.

Important considerations:
  • Backup configuration: Before making changes to the SSH configuration, it's a good practice to create a backup of the configuration file.
  • Firewall rules: Ensure that any firewall rules on the server also allow traffic from the specified IP addresses.
  • Security groups (Cloud Environments): If your server is in a cloud environment, make sure to configure security groups or network ACLs to allow traffic from the specified IP addresses.
  • Logging and monitoring: Regularly review SSH logs to monitor login attempts and ensure that your restrictions are effectively filtering unauthorized access.

By restricting access based on IP addresses, you add an additional layer of security to your SSH server, allowing only trusted systems to connect. This is especially useful in situations where you want to limit access to specific users from specific locations.
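
The matching rules behind steps 2 and 3, combined with the log review suggested under "Logging and monitoring", as an added example that is not part of the original article: a simplified Python model of `AllowUsers` that checks user and source-address pairs and flags accepted logins the allowlist should have refused. It assumes no negated patterns and no hostnames; the `deploy` user, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed allowlist: john from one host, deploy (hypothetical user) from a /24.
ALLOW_USERS = "john@192.168.1.100 deploy@192.168.1.0/24"

# Constructed sshd log lines for the demonstration.
SAMPLE_LOG = [
    "Jan 10 09:12:01 srv sshd[1021]: Accepted publickey for john from 192.168.1.100 port 50122 ssh2",
    "Jan 10 09:15:44 srv sshd[1033]: Accepted password for deploy from 192.168.1.57 port 50310 ssh2",
    "Jan 10 09:20:13 srv sshd[1040]: Accepted password for john from 192.168.1.57 port 50388 ssh2",
    "Jan 10 09:21:02 srv sshd[1044]: User root from 203.0.113.9 not allowed because not listed in AllowUsers",
]

ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port \d+")


def glob_match(pattern, text):
    """Match sshd-style wildcards: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, text) is not None


def host_matches(pattern, addr):
    """HOST part: CIDR (address/masklen) or a wildcard pattern on the address."""
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return glob_match(pattern, addr)


def is_allowed(allow_users, user, addr):
    """True if any USER or USER@HOST entry matches this login."""
    for entry in allow_users.split():
        user_pat, _, host_pat = entry.partition("@")
        if glob_match(user_pat, user) and (not host_pat or host_matches(host_pat, addr)):
            return True
    # Once AllowUsers is set, every login that matches no entry is refused.
    return False


def audit(allow_users, log_lines):
    """Return (user, addr) for accepted logins the allowlist should have refused."""
    found = (ACCEPTED.search(line) for line in log_lines)
    return [m.groups() for m in found if m and not is_allowed(allow_users, *m.groups())]


if __name__ == "__main__":
    for user, addr in audit(ALLOW_USERS, SAMPLE_LOG):
        print(f"accepted outside allowlist: {user} from {addr}")
```

An accepted login that this model rejects can mean, for example, that the service has not been reloaded since the edit or that a `Match` block overrides the global setting.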