Accepting SSH connections only from localhost

Question

I just installed SSH and I would like to set it up to only accept connections from localhost. I plan to point a .onion address to it so that I may connect to it from anywhere on any network.

score 19 · Answer 1 · edited Aug 23 '12 at 08:52

19

In the /etc/ssh/sshd_config file there are those fields :

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0

Change #ListenAddress 0.0.0.0 to ListenAddress 127.0.0.1, taking note to remove the leading #.

Then run sudo reload ssh and you will be able to connect only from localhost.

edited Aug 23 '12 at 08:52

Oli

289,791
117
680
835

answered Aug 23 '12 at 08:36

Cédric Julien

2,797
1
26
31

To reload ssh, run this command : `sudo systemctl restart ssh` – user238607 Mar 16 '20 at 16:21

score 3 · Answer 2 · answered Aug 23 '12 at 09:08

3

Another solution:

add the following line to the file /etc/hosts.deny:

sshd: ALL

add the following line to the file /etc/hosts.allow:

sshd: localhost

answered Aug 23 '12 at 09:08

January

35,223
15
82
101

score 2 · Answer 3 · answered Aug 27 '13 at 17:57

Plus you should read about iptables.

You can block connection to your host on port 22 via iptables:

# iptables -I INPUT -i eth0 -p tcp --dport 22 -s 0.0.0.0/0 -j DROP
# iptables -I INPUT -i lo -p tcp --dport 22 -j ACCEPT

And read about TransparentProxy.

Anyway solution with /etc/ssh/sshd_config, better.

Accepting SSH connections only from localhost

3 Answers3