How to block SSH access using Host Access Control in WHM.

Question

How do you block SSH access using the Host Access Control in WHM?

Answer

Host Access Control allows you to lock down access to various services on your host to only allow specific IP addresses. This can be used to secure SSH connections to your server. 

Note: The order in which you add your rules is important. If a device connects to your server, the first rule that the IP address matches will be applied. If you place a blanket rejection rule before an accept rule, then the rejection rule will always be applied before the accept rule is reached. Please ensure you add the rules in the appropriate order for the best results.

1. Log in to WHM as the root user
2. Navigate to Home / Security Center / Host Access Control and observe the Port, IP Address/CIDR, Protocol, and Action fields:
3. In the Port field, place your current SSH port. If you have not changed your SSH port from the default, this will be Port 22.
4. Place the IP address you wish to access SSH in the IP Address/CIDR field. 
5. From the Protocol dropdown menu, select TCP. 
6. From the Action dropdown menu, select ACCEPT. Placing this first ensures your device's IP address will always be accepted.
7. Click the Add Rule button to commit the change.
8. To block all other IP addresses, add a second rule. Under Port, place the same SSH port.
9. In the IP Address/CIDR field, place "ALL".
10. From the Protocol dropdown menu, select TCP. 
11. From the Action dropdown menu, select REJECT.
12. Click the Add Rule button to commit the change.

Additional Resources

Host Access Control | cPanel & WHM Documentation