1

I have an Ubuntu system at home, allowed ssh and enabled port forwarding to my machine for ssh connections. So far so good.

Now I can access from everywhere. How do I configure my machine to refuse any connection that is not from my laptop or my phone?

Should it be done from the router or from the machine's firewall? How do I do it?

GalSuchetzky
  • ssh-keys! https://askubuntu.com/questions/346857/how-do-i-force-ssh-to-only-allow-users-with-a-key-to-log-in – Stephen Boston May 31 '21 at 13:06
  • Use ssh key to refuse at ssh level. Note that your modem/router will likely not forward incoming ssh connections (unless you advise it) from world to your server. – Archemar May 31 '21 at 13:11
  • Does this answer your question? [Limit SSH access to specific clients by IP address](https://unix.stackexchange.com/questions/406245/limit-ssh-access-to-specific-clients-by-ip-address) – Pablo A May 05 '23 at 18:21

2 Answers

1

How to achieve this in two steps:

Step 1 - Whitelist

Just create a whitelist to allow the PCs you wish to allow access.

```
sudo vim /etc/hosts.allow
```

Then just add your computer's IP:

```
sshd: 10.83.33.77/32, 10.63.152.9/32
```

Step 2 - Blacklist

Now create a blacklist to block all others

```
sudo vim /etc/hosts.deny
```

Now block all:

```
sshd: ALL
```

Shōgun8
  • [TCP wrappers](https://en.wikipedia.org/wiki/TCP_Wrappers) (included on libwrap0 package, see also `man hosts_access`) [are deprecated](https://fedoraproject.org/wiki/Changes/Deprecate_TCP_wrappers) – Pablo A May 05 '23 at 18:44
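
The evaluation order that makes the two files above work together, as an added example that is not part of the original answer: a small Python model of the rule in `man hosts_access`, where a match in hosts.allow grants access, otherwise a match in hosts.deny denies it, otherwise access is granted. It models only `ALL` and IPv4 address/prefix patterns like those in the answer; the function names and the client address 203.0.113.5 are constructed for illustration.

```python
import ipaddress

# Constructed copies of the two files from the answer above.
HOSTS_ALLOW = "sshd: 10.83.33.77/32, 10.63.152.9/32\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; lists split on blanks/commas."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore optional 3rd field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Simplified matcher: ALL or an IPv4 address/prefix (assumption)."""
    if pattern == "ALL":
        return True
    try:
        return ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:  # hostnames, wildcards etc. are not modelled here
        return False

def rule_hit(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def access(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow match -> granted; else hosts.deny match -> denied; else granted."""
    ip = ipaddress.ip_address(client_ip)
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "granted"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "denied"
    return "granted"

if __name__ == "__main__":
    print(access("sshd", "10.83.33.77"))                # listed client
    print(access("sshd", "203.0.113.5"))                # unlisted client
    print(access("sshd", "203.0.113.5", deny_text=""))  # hosts.deny left empty
```

With `deny_text` empty the unlisted client is granted, which is why Step 2 is not optional.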
0

The answer by Shōgun8 is correct, but I would like to add that there is already an answer for your question:

Limit SSH access to specific clients by IP address

Panos