Ubuntu: Can I block root ssh access from the external network, but not from the local LAN?


OS: Ubuntu 14.04

I would like to allow root login via ssh locally, because backuppc needs that. I would like to block external access with root login.



You can do this using a Match block in /etc/ssh/sshd_config. First, make sure you have this line:

PermitRootLogin no  

That will block root access. You can then allow it for your local network with this:

## Permit local root login
Match Address 192.168.1.*
        PermitRootLogin yes

This assumes that your LAN gives IPs like 192.168.1.N; if not, change accordingly. Also, I suggest you add this at the end of /etc/ssh/sshd_config to make sure it does not conflict with other directives. Once you have done so, restart the ssh service (sudo service ssh restart) and you will be able to ssh as root from local machines only.
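To see which PermitRootLogin value sshd actually applies to a given client, here is an added Python model of how a Match Address block is evaluated (example code written for this page, not part of the answer or of OpenSSH). It goes beyond the answer's single wildcard: the constructed config excerpt also uses a CIDR entry and a negated "!" entry, and the first-value-wins rule explains why the block belongs after the global PermitRootLogin line.

```python
import fnmatch
import ipaddress

# Constructed sshd_config excerpt mirroring the answer above; not copied from any host.
SSHD_CONFIG = """\
PermitRootLogin no
## Permit local root login
Match Address 192.168.1.*,10.0.0.0/24,!192.168.1.99
        PermitRootLogin yes
"""

def address_list_matches(addr: str, patterns: str) -> bool:
    """sshd's Match Address list: CIDR entries, else '*'/'?' globs; a matching '!'
    entry vetoes the list; an empty entry (e.g. a trailing comma) is invalid."""
    matched = False
    for entry in patterns.split(","):
        neg = entry.startswith("!")
        pat = entry[1:] if neg else entry
        if not pat:
            raise ValueError(f"empty entry in Match Address list: {patterns!r}")
        if "/" in pat:  # strict=True rejects host bits set under the mask, as sshd does
            hit = ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=True)
        else:
            hit = fnmatch.fnmatchcase(addr, pat)
        if hit and neg:
            return False
        matched = matched or hit
    return matched

def effective_option(config: str, option: str, client_addr: str):
    """Value of `option` sshd applies to a client from client_addr: the first value
    found in the global section is the default, and the first matching Match block
    (everything after a Match line up to the next one) overrides it. Address only."""
    global_value = match_value = None
    in_global, block_applies = True, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, rest = line.partition(" ")
        if key.lower() == "match":
            in_global = False
            crit, _, patterns = rest.strip().partition(" ")
            block_applies = crit.lower() == "address" and address_list_matches(client_addr, patterns.strip())
        elif key.lower() == option.lower():
            if in_global and global_value is None:
                global_value = rest.strip()
            elif block_applies and match_value is None:
                match_value = rest.strip()
    return match_value if match_value is not None else global_value
```

Match Address also accepts CIDR notation such as 192.168.1.0/24, which is less error-prone than a textual wildcard when the LAN does not align with a dotted-quad boundary.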


Using this simple iptables rule, you can block the hosts not coming from your local network. My network is so my rule will be:

iptables -A INPUT -i eth0 -p tcp --dport 22 ! -s -j DROP  

If you want to block only a particular user from a source,

in your /etc/ssh/sshd_config:

AllowUsers root@192.168.122.*  

