Restricting the SSH port to the public IP address of the VPN
-
Hello,
I am in the process of looking for a solution to restrict the SSH port outside the firewall, since, as is known, the firewall is dynamically changed by Cloudron. After the removal of TCP Wrappers support, I searched for various solutions on how to restrict access through settings in ‘sshd_config’. The result? Not satisfactory. Nothing worked at all.
While browsing around here I found a post saying that you can edit the ‘/home/yellowtent/platformdata/firewall/ports.json’ file and that this will then be added to the dynamic firewall system.
I was pleased to see that this is possible, but I have a question: can I add an entry with a public IP address?
Why am I doing this? I want to migrate a server to my country, to a host that doesn't have a firewall system like the one at Hetzner, where on all servers I restrict port 22 to a VPN address for security.
-
I don't think this is possible unless there is a document I have missed somewhere. I wanted to do this myself for the same reason. I ended up moving SSH to port 202 and disabling password authentication; this has cut down all the SSH connection attempts. Cloudron configures the firewall to allow inbound port 202, so there is no need to explicitly allow that port.
-
We haven't added a way to add custom persistent iptables rules. For SSH though, just move it to port 202 and disable root auth and password auth. This usually cuts the bots down to 0.
-
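Added example, not Cloudron's code and not anything the posters wrote: a small shell audit helper that checks an sshd_config for the hardening the two replies recommend (a non-default port, no root login, no password authentication). It reproduces one sshd rule that trips people up when "nothing works": sshd uses the first value it reads for a keyword, so a hardened line appended below a distribution default is silently ignored. The function names sshd_effective and sshd_audit are hypothetical, the two configs are constructed inline, and the defaults assumed for absent keywords are Port 22, PermitRootLogin prohibit-password (OpenSSH 7.0 and later) and PasswordAuthentication yes.

```shell
#!/usr/bin/env bash
# Added example, not Cloudron's or the posters' code.
# Audits an sshd_config for the hardening suggested in the thread:
# non-default port, PermitRootLogin no, PasswordAuthentication no.
# sshd applies the FIRST value it reads for a keyword, so the helper
# returns the first match instead of grepping for the last one.

# sshd_effective <config-file> <keyword>
# Prints the value sshd will use for <keyword> in the global section:
# keywords are case-insensitive, comments and blank lines are skipped, and
# scanning stops at the first "Match" block (conditional settings are ignored).
sshd_effective() {
  awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }          # comment or blank line
    tolower($1) == "match"               { exit }          # global section ends here
    tolower($1) == key                   { print $2; exit } # first value wins
  ' "$1"
}

# sshd_audit <config-file>
# Prints one finding per check and returns 0 only if all three pass.
# Assumed defaults when a keyword is absent: Port 22,
# PermitRootLogin prohibit-password (OpenSSH >= 7.0), PasswordAuthentication yes.
sshd_audit() {
  audit_rc=0
  port=$(sshd_effective "$1" Port);                 port=${port:-22}
  root=$(sshd_effective "$1" PermitRootLogin);      root=${root:-prohibit-password}
  pw=$(sshd_effective "$1" PasswordAuthentication); pw=${pw:-yes}

  if [ "$port" = 22 ]; then echo "WARN  Port 22 (the port every bot scans first)"; audit_rc=1
  else echo "OK    Port $port"; fi
  if [ "$root" != no ]; then echo "WARN  PermitRootLogin $root (want: no)"; audit_rc=1
  else echo "OK    PermitRootLogin no"; fi
  if [ "$pw" != no ]; then echo "WARN  PasswordAuthentication $pw (want: no)"; audit_rc=1
  else echo "OK    PasswordAuthentication no"; fi
  return "$audit_rc"
}

# Demo on two constructed configs (not files taken from any real server).
weak_cfg=$(mktemp)
cat > "$weak_cfg" <<'EOF'
# Distribution default with a "fix" appended at the bottom;
# the appended line never takes effect because the first value wins.
Port 22
PasswordAuthentication yes
PasswordAuthentication no
EOF

hard_cfg=$(mktemp)
cat > "$hard_cfg" <<'EOF'
Port 202
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF

for cfg in "$weak_cfg" "$hard_cfg"; do
  echo "== $cfg"
  if sshd_audit "$cfg"; then echo "result: hardened"; else echo "result: NOT hardened"; fi
done
rm -f "$weak_cfg" "$hard_cfg"
```

Run it against /etc/ssh/sshd_config after editing, then confirm with `sshd -T | grep -Ei '^(port|permitrootlogin|passwordauthentication)'`, which prints the values the running daemon will actually use, including any drop-in files under sshd_config.d. Keep the existing session open while you restart sshd so a typo in the new port does not lock you out.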