Restricting SSH access to a specific IP for a specific user
Is there any way to restrict SSH access to a specific IP for just a particular user (rather than on a server-wide basis)?
Hello :) You can use a custom "AllowUsers" entry in the /etc/ssh/sshd_config file to limit access to specific IP addresses for specific users. EX:
AllowUsers root@1.2.3.4 cptest1
The above entry would allow root access from IP 1.2.3.4 and the "cptest1" user access from any IP address. Thank you.
[quote="cPanelMichael, post: 1541232"]Hello :) You can use a custom "AllowUsers" entry in the /etc/ssh/sshd_config file to limit access to specific IP addresses for specific users. EX:
AllowUsers root@1.2.3.4 cptest1
The above entry would allow root access from IP 1.2.3.4 and the "cptest1" user access from any IP address. Thank you.[/quote]
Thanks Michael for your help. Does this mean that by using this method, we will have no choice but to add every single user that has been configured via WHM to have SSH access, to the "AllowUsers" entry? So if we had 80 cPanel users with SSH enabled, we would need to add all 80 users to the "AllowUsers" entry, in order to perform the IP restriction for a single user?
Yes, that is correct:
[QUOTE]AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. "*" and "?" can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.[/QUOTE]
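The AllowUsers behaviour confirmed above, as an added example that is not part of the original thread or cPanel's own code: a Python check that lists which accounts a proposed AllowUsers line would lock out from a given source address, so it can be run before sshd is reloaded. It assumes a flat sshd_config with no Match blocks, compares HOST against the source IP only, and does not handle negated or CIDR patterns; the function names, the "cptest2" account and the address 203.0.113.9 are constructed for illustration.

```python
import re

def _glob(pattern):
    """Compile an sshd-style pattern where only '*' and '?' are wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(rx + r"\Z")

def parse_allow_users(config_text):
    """Return all AllowUsers patterns, or None if the keyword never appears."""
    patterns = None
    for line in config_text.splitlines():
        fields = line.strip().split()
        # Keywords are case-insensitive; commented lines start with '#'.
        if fields and fields[0].lower() == "allowusers":
            patterns = (patterns or []) + fields[1:]
    return patterns

def is_allowed(patterns, user, source_ip):
    """Once AllowUsers is set, only users matching a pattern may log in."""
    if patterns is None:
        return True  # keyword absent: login is allowed for all users
    for pattern in patterns:
        user_pat, has_host, host_pat = pattern.partition("@")
        if not _glob(user_pat).match(user):
            continue
        # USER alone matches from anywhere; USER@HOST also checks the source.
        if not has_host or _glob(host_pat).match(source_ip):
            return True
    return False

def locked_out(config_text, users, source_ip):
    """List the users who could no longer log in from source_ip."""
    patterns = parse_allow_users(config_text)
    return [u for u in users if not is_allowed(patterns, u, source_ip)]

# Constructed sample: the entry from the thread plus one unlisted SSH user.
SAMPLE_CONFIG = "Port 22\nAllowUsers root@1.2.3.4 cptest1\n"
SSH_USERS = ["root", "cptest1", "cptest2"]

if __name__ == "__main__":
    for ip in ("1.2.3.4", "203.0.113.9"):
        print(ip, "locks out:", locked_out(SAMPLE_CONFIG, SSH_USERS, ip))
```

Feeding it the full list of SSH-enabled accounts shows every user that would have to be added to the entry before restricting a single one.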
We only allow public key authentication, and for each key you can specify what IPs are allowed to use it. This means that if password authentication is disabled and your only public key for your root user is restricted to your IP, you are the only person who can log in with the root user. This doesn't work with password auth though.