Increasing your system’s security by limiting SSH access to a single, specified machine (in this example, within your Local Area Network (LAN)) is always a good strategic approach. This method focuses on configuring firewall rules to ensure only a designated device can connect.
Firstly, you need to identify the IP address of the machine allowed to SSH into your system. On Fedora or macOS, this can typically be found by accessing the network settings or by executing the ip addr command in the terminal.
Suppose the allowed laptop’s IP address is 192.168.1.5.
firewalld
Fedora uses firewalld for firewall management, allowing you to define precise access control rules:
Implement a Rich Rule: Add a firewall rule to permit SSH connections only from your specified IP address by executing:
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
This command creates a permanent rule in the public zone, authorizing SSH connections exclusively from the IP address 192.168.1.5.
Reload the Firewall: To activate your configuration, reload the firewall:
sudo firewall-cmd --reload
Ensure your settings are correctly applied by listing all active rules:
sudo firewall-cmd --list-rich-rules --zone=public
This command will display the rich rules within the public zone, including your SSH connection restriction.
192.168.1.0/24). You may need to adjust your setup according to your network’s configuration.
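A rich rule only adds an accept entry; if the zone's service list still contains ssh, firewalld keeps accepting SSH from every source. The following audit is an added example, not part of the original article: it checks the text output of firewall-cmd --zone=public --list-services and --list-rich-rules for that condition. The function name audit_ssh and the sample service list are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit whether SSH in a firewalld zone is limited to one source.
# On a real host the two text inputs would come from:
#   firewall-cmd --zone=public --list-services
#   firewall-cmd --zone=public --list-rich-rules

# audit_ssh SERVICES RICH_RULES ALLOWED_IP
# Prints one finding per line; returns 0 only if SSH is limited to ALLOWED_IP.
audit_ssh() {
    local services="$1" rules="$2" allowed="$3"
    local status=0 found=0 line src
    # A zone-level "ssh" service accepts every source; a rich rule does not override it.
    case " $services " in
        *" ssh "*) echo "FAIL: ssh service is open to all sources in this zone"; status=1 ;;
    esac
    while IFS= read -r line; do
        # Only rich rules that accept the ssh service matter here.
        case "$line" in
            *'service name="ssh"'*accept*) ;;
            *) continue ;;
        esac
        src=$(printf '%s\n' "$line" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
        if [ "$src" = "$allowed" ]; then
            found=1
        else
            echo "FAIL: ssh also accepted from ${src:-any source}"; status=1
        fi
    done <<EOF
$rules
EOF
    if [ "$found" -eq 0 ]; then
        echo "FAIL: no ssh accept rule for $allowed"; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: ssh limited to $allowed"
    fi
    return "$status"
}

# Constructed sample data (not captured from a real host).
SAMPLE_RULE='rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
audit_ssh "dhcpv6-client mdns ssh" "$SAMPLE_RULE" 192.168.1.5 || true  # ssh still open
audit_ssh "dhcpv6-client mdns" "$SAMPLE_RULE" 192.168.1.5              # restricted
```

If the audit reports the zone-level ssh service, sudo firewall-cmd --permanent --zone=public --remove-service=ssh followed by a reload removes it. Run that from the allowed machine or a local console so the current session is not cut off.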