Introduction
Host Access Control allows you to lock down access to various services on your host in order to only allow specific IP addresses. This can be used to secure SSH connections to your server.
Procedure
Block All
After navigating to Host Access Control (WHM / Security Center / Host Access Control) you will see three columns. "Daemon," "Access List," and "Action." You will want to set:
- "Daemon" to "SSH"
- "Access list" to "All"
- "Action" to "Deny"
This means that all IP addresses will be denied from accessing SSH.
Allow specific IPs
In order to allow IP addresses to access SSH, you will want to create additional rules with the following values.
- "Daemon" to "SSH"
- "Access list" to "203.0.113.2"
- Replace the IP address "203.0.113.2" with the actual IP.
- "Action" to "Allow"
You will then want to use the arrows on the lef-hand side to move the "allow" rules above the "deny" rule. The whitelisted IP addresses will need to be above the deny rule in order to work properly.
For more information on how to use Host Access Control, and how it can be used to secure more services than just SSH, please see the following documentation.