SSH to only allow logins from specific IPs and block all oth
We use a Linode with Ubuntu 12.04. I went through the basics to install RSA encryption for SSH logins, and set up fail2ban, but I am not sure how to do the following. I want to only allow specific IP addresses (or ranges of IP addresses) to be able to SSH. In other words, I want to turn away ALL others from SSH. This way, I will be able to SSH from my office, and from home, and so will 1 other administrator. And block everybody else.
With my rudimentary Unix sysadm knowledge - really, so rudimentary - I don't know how to configure fail2ban to enforce such a ban. Is this a normal thing to do, or is there a different way to achieve what I want - make it really restrictive for the world to access our servers, but allow a handful of known administrators only?
Any advice appreciated!
Thanks,
Vik
3 Replies
If you want to whitelist specific IP addresses then you have no need for fail2ban… because all (non-whitelisted) IP addresses will already be blocked by the firewall.
On Ubuntu the easiest firewall choice for admins with rudimentary knowledge is Uncomplicated Firewall, or "ufw":
```
sudo ufw allow proto tcp from 192.168.0.2 to any port 22
```
… where you replace 192.168.0.2 with an IP address you want to whitelist.
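The allowlist in the reply above works because ufw denies incoming traffic by default and each trusted source gets its own allow rule. The script below is an added example, not part of the original thread: it validates a list of IPv4 addresses or CIDR ranges and prints the ufw commands in an order that keeps the current SSH session from being locked out. The two sample addresses are constructed documentation-range placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: build a ufw SSH allowlist from a list of admin sources.
# Sample addresses are constructed (RFC 5737 documentation ranges).

# Return 0 if $1 is an IPv4 address or IPv4 CIDR range, 1 otherwise.
is_ipv4_source() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    # Prefix must be one or two digits and no larger than 32.
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    # Address must be digits and dots only, with no empty octets.
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ufw commands for the sources given as arguments.
# Prints nothing on stdout and returns 1 if any source is invalid.
ufw_ssh_allowlist() {
    [ $# -gt 0 ] || { echo "no sources given" >&2; return 1; }
    for src in "$@"; do
        is_ipv4_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Allow rules come before 'enable' so the session you are typing in
    # is already permitted when the default-deny policy takes effect.
    for src in "$@"; do
        echo "ufw allow proto tcp from $src to any port 22"
    done
    echo "ufw default deny incoming"
    echo "ufw enable"
}

# Review the printed lines, then run each one with sudo.
ufw_ssh_allowlist 203.0.113.10 198.51.100.0/24
```

After enabling, `sudo ufw status verbose` shows the default policy and the active allow rules; confirm a second SSH login works before closing the first.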
The Linode Iptables Guide
Jebblue - That sounds like a very good thing for me to try. I appreciate the new solution!
You guys are great for helping, thank you!