Limiting access per SSH to specific accounts to LAN/specifc IPs?

Question

in my quest to create a public user with almost no rights and an administrator user that can only accessed by me, I'd like to know if it is possible to limit SSH access to said administrator user to LAN/specifc IP adress/unique token only, without limiting the access to the publicly accessible user.

Is there a function in openssh-server that allows for such a level of customization?

binarysta · Accepted Answer · 2017-10-06T17:06:53.770

0

You can restrict by IP for a specified user. Add below line in /etc/ssh/sshd_config:

AllowUsers user@x.x.x.x

Also you can do as below if you need more than one IP:

AllowUsers user@x.x.x.x user@y.y.y.y OR user@x.x.x.*

edited Oct 06 '17 at 17:06

answered Oct 01 '17 at 15:37

binarysta

116

Thanks, that is already pretty close to the perfect solution I'm looking for! – UmBottesWillen Oct 01 '17 at 15:40
1

I'd generally just go with public key authentication. It's safe enough that you don't have to worry about brute force attacks. – vidarlo Oct 01 '17 at 15:52

Limiting access per SSH to specific accounts to LAN/specifc IPs?

1 Answers1