Home / ubuntu / Questions / 2266
Accepted
vanden
Asked: 2010-08-15 04:53:11 +0800 CST

How to set up an Ubuntu 10.04 machine to accept ssh requests only from within the local network?

  • 772

I am about to install 10.04 (from bare metal to replace 9.04) and I want to set it up so that I can shh into the machine, but only from other machines on my local network. (I.e., I want to reject all ssh attempts from other than 192.168.1 set of IPs.) How do I do that correctly on 10.04?

security networking ssh firewall

2 Answers

  1. Best Answer

    You have to edit the two configuration files /etc/hosts.allow and /etc/hosts.deny (you can get a detailed explanation of the format with man hosts_access):

    etc/hosts.allow:

    sshd: 192.168.1.

    etc/hosts.deny:

    sshd: ALL

    In both cases you could replace sshd with ALL, then these rules would not only apply to the ssh server but to all other daemons that might be running.

    • 10

  2. In addition to using hosts.allow and hosts.deny, you can use firewalls. "ufw" is installed by default in Ubuntu. You enable it with

    sudo ufw enable

    and then limit the ssh connectivity with `

    sudo ufw allow from 192.168.1.0/24 to any app OpenSSH

    That should do it. I believe the FireStarter application will allow a GUI configuration of ufw as well.

    • 7