HOWTO: Allow SSH logins from Anywhere

16Apr11

I, like many people, access my servers, and in fact, almost every other computer in my house, through SSH.

I’ve previously set up the correct port forwarding to port 22, and installed and configured ddclient on my server, in order to be able to SSH into it from a dyndns.org web address.

One thing I forgot however, is to allow SSH logins from unknown IP addresses.

To do this, edit /etc/hosts.allow and add;

sshd : ALL : allow

That will allow any IP address to connect to your server, which is a slightly dangerous thing. You can also list specific IP addresses or ranges to allow, and block all others;

#Allow the xx.xx.xx.0 range

sshd : xx.xx.xx. : allow

#Allow specific IP

sshd : xx.xx.xx.xx : allow

#Allow localhost

sshd : localhost : allow

# Deny all others

sshd : ALL : deny

Note that the order is important, if the ALL : deny is at the beginning, it’ll ignore everything after it, and just block everyone.

About these ads


Follow

Get every new post delivered to your Inbox.

Join 69 other followers

%d bloggers like this: