13

I just installed SSH and I would like to set it up to only accept connections from localhost. I plan to point a .onion address to it so that I may connect to it from anywhere on any network.

KI4JGT
  • 1,888

3 Answers

21

In the /etc/ssh/sshd_config file there are these fields:

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0

Change #ListenAddress 0.0.0.0 to ListenAddress 127.0.0.1, taking note to remove the leading #.

Then run sudo reload ssh and you will be able to connect only from localhost.

Oli
  • 299,380
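
One way to confirm that the ListenAddress edit described in the answer above took effect, as an added example that is not part of the original answer. The function name check_listen and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: read sshd configuration on stdin and report whether every
# active ListenAddress is a loopback address.
# Exit status: 0 = loopback only, 1 = sshd is reachable on other addresses.
check_listen() {
    awk '
    # sshd keywords are case-insensitive; "#ListenAddress" is a comment
    # and never matches because its first field starts with "#".
    tolower($1) == "listenaddress" {
        addr = $2
        if (addr ~ /^\[/) {                    # [IPv6]:port or [IPv6]
            sub(/^\[/, "", addr); sub(/\].*$/, "", addr)
        } else if (addr ~ /^[^:]*:[0-9]+$/) {  # host:port or IPv4:port
            sub(/:[0-9]+$/, "", addr)
        }
        seen = 1
        if (addr !~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
            addr != "::1" && tolower(addr) != "localhost") {
            printf "non-loopback ListenAddress: %s\n", addr
            bad = 1
        }
    }
    END {
        # With no active directive sshd falls back to all local addresses.
        if (!seen) {
            print "no ListenAddress set: sshd listens on all addresses"
            bad = 1
        }
        exit bad + 0
    }'
}

# Constructed sample: the stock lines quoted in the answer, still commented out.
stock='#ListenAddress ::
#ListenAddress 0.0.0.0'

# Constructed sample: the same lines after the edit the answer describes.
edited='#ListenAddress ::
ListenAddress 127.0.0.1'

printf '%s\n' "$stock"  | check_listen || echo "stock config: NOT restricted"
printf '%s\n' "$edited" | check_listen && echo "edited config: loopback only"
```

On a real host, `sudo sshd -T | check_listen` runs the same check against the effective configuration that sshd itself parses.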
4

Another solution:

Add the following line to the file /etc/hosts.deny:

sshd: ALL

Add the following line to the file /etc/hosts.allow:

sshd: localhost
January
  • 37,208
2

Plus you should read about iptables.

You can block connections to your host on port 22 via iptables:

# iptables -I INPUT -i eth0 -p tcp --dport 22 -s 0.0.0.0/0 -j DROP
# iptables -I INPUT -i lo -p tcp --dport 22 -j ACCEPT

And read about TransparentProxy.

Anyway, the solution with /etc/ssh/sshd_config is better.