Host Access Control allows you to lock down access to various services on your host to only allow specific IP addresses. This can be used to secure SSH connections to your server.
Please Note: The order in which you add your rules is important. If a device connects to your server, the first rule that the IP address matches with will be applied. If you place a blanket rejection rule before an accept rule, then the rejection rule will always be applied before the accept rule is reached. Please ensure you add the rules in the appropriate order for best results.
- Navigate to "WHM / Security Center / Host Access Control" and observe the Port, IP Address/CIDR, Protocol, and Action fields:
- In Port, place your current SSH port. If you have not changed your SSH port from the default, this will be Port 22.
- Place the IP address you wish to access SSH in the IP Address/CIDR field.
- From Protocol, select TCP. From Action, select ACCEPT. Placing this first ensures your device's IP address will always be accepted.
- Click "Add Rule" to commit the change
- To block all other IP addresses, add a second rule. Under Port, place the same SSH port.
- In the IP Address/CIDR field, place "ALL"
- From Protocol, select TCP. From Action, select REJECT.
- Click "Add Rule" to commit the change.
For more information on how to use Host Access Control, and how it can be used to secure more services than just SSH, please see the following documentation.