Restrict root ssh access to a single IP under Raspbian / Debian / Ubuntu

SheldonNo Comments

Today I configured a new backup solution that required me to restrict root ssh access to a single IP for the root user.

I got this to work by going the following steps (on Raspbian GNU/Linux 9):

  1. login via ssh on the machine to access via root
  2. modify the /etc/ssh/sshd_config like that: 
    $> sudo nano /etc/ssh/sshd_config
  3. add the following lines to the end of the file:
    # change the ssh port to 666
Port 666 

# disallow root access for everyone#
PermitRootLogin no

# allow root access for the IP 192.0.0.66 only
Match Address 192.0.0.66
        PermitRootLogin yes

    As you can see, I additionally changed the default ssh port from 22 to 666 for a little bit more confusion of potential hackers 😉

  4. after saving the file (Ctrl+o and Ctrl+x), I validated the configuration by:

    sshd -T
  5. and finally I restarted the ssh daemon by: 
    sudo /etc/init.d/ssh reload

That’s how to restrict root ssh access to a single IP under Raspbian! Afterwards I could only login from the machine 192.0.0.66 using the root user.

Leave a Reply

Your email address will not be published. Required fields are marked *

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.