How to set up an Ubuntu 10.04 machine to accept ssh requests only from within the local network?
Solution 1
You have to edit the two configuration files /etc/hosts.allow and /etc/hosts.deny (you can get a detailed explanation of the format with man hosts_access):
/etc/hosts.allow:
sshd: 192.168.1.
/etc/hosts.deny:
sshd: ALL
In both cases you could replace sshd with ALL; then these rules would apply not only to the ssh server but to all other daemons that might be running.
Solution 2
In addition to using hosts.allow and hosts.deny, you can use firewalls. "ufw" is installed by default in Ubuntu. You enable it with
sudo ufw enable
and then limit the ssh connectivity with
sudo ufw allow from 192.168.1.0/24 to any app OpenSSH
That should do it. I believe the FireStarter application will allow a GUI configuration of ufw as well.
Comments
-
vanden over 1 year
I am about to install 10.04 (from bare metal to replace 9.04) and I want to set it up so that I can ssh into the machine, but only from other machines on my local network. (I.e., I want to reject all ssh attempts from other than 192.168.1 set of IPs.) How do I do that correctly on 10.04?
-
msw almost 14 years
The hosts.allow/deny answers are correct, but it also makes sense for your home gateway/router to silently ignore all inbound packets from port 22 (and most other ports too).
-
vanden almost 14 years
@msw: I did already have my router set up to silently ignore incoming requests, but putting that tip here was a good idea. Thanks!
-
Admin about 13 years
Is it worth mentioning that the application profile is now "OpenSSH"?