Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Restrict SSH access to specific IP addresses

Restrict SSH access to specific IP addresses

Scheduled Pinned Locked Moved Support
sshfirewall
6 Posts 5 Posters 783 Views 4 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • H Offline
      H Offline
      hcj-online
      wrote on last edited by girish
      #1

      Hi there!

      I want to make SSH accessible only from certain IP addresses. Normally I would just set up an iptables rule to do this. However, the cloudron documentation suggests not to add your own iptables rules. What is the best way to implement this restriction without having a dedicated firewall in front of the cloudron machine?

      Thank you!

      1 Reply Last reply
      1
      • murgeroM Offline
        murgeroM Offline
        murgero
        App Dev
        wrote on last edited by
        #2

        Where are you hosting? As far as I know Cloudron manages it's own firewall so making rules make break something but the docs do have something that may or may not help: https://docs.cloudron.io/networking/#firewall

        --
        https://urgero.org
        ~ Professional Nerd. Freelance Programmer. ~

        1 Reply Last reply
        1
        • P Offline
          P Offline
          p44
          translator
          wrote on last edited by
          #3

          @hcj-online If you use Hetzner VPS, you can youse their firewall. Is very easy to configure.

          1 Reply Last reply
          1
          • H Offline
            H Offline
            hcj-online
            wrote on last edited by
            #4

            Thanks for the feedback, but there is no firewall available in front of this machine (as it would be available when using some cloud providers like Hetzner). I am aware of the Cloudron firewall documentation, but it only provides information on blocking specific IPs. However, I only want to allow a specific IP for SSH.

            After some research, is it okay to use hosts.allow and hosts.deny in conjunction with Cloudron?

            1 Reply Last reply
            1
            • necrevistonnezrN Online
              necrevistonnezrN Online
              necrevistonnezr
              wrote on last edited by
              #5

              I have modified the Match Address parameter in the SSH daemon configuration pursuant to this: https://unix.stackexchange.com/questions/406245/limit-ssh-access-to-specific-clients-by-ip-address

              1 Reply Last reply
              1
              • girishG Offline
                girishG Offline
                girish
                Staff
                wrote on last edited by
                #6

                Interesting. So, from @necrevistonnezr's like the hosts.allow/hosts.deny may not work in the future. "Note: this might not be an option on modern distributions, as support for tcpwrappers was removed from OpenSSH 6.7"

                1 Reply Last reply
                1
                Reply
                • Reply as topic
                Log in to reply
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes


                  • Login

                  • Don't have an account? Register

                  • Login or register to search.
                  • First post
                    Last post
                  0
                  • Categories
                  • Recent
                  • Tags
                  • Popular
                  • Bookmarks
                  • Search