Restricting SSH connections
Increasing your system’s security by limiting SSH access to a single, specified machine (in this example, one within your Local Area Network (LAN)) is a sound defensive approach. This method relies on firewall rules to ensure that only a designated device can connect.
Determine the Permitted Laptop’s IP Address
Firstly, you need to identify the IP address of the machine allowed to SSH into your system. On Fedora or macOS, this can typically be found in the network settings or by executing the ip addr command in the terminal.
Suppose the allowed laptop’s IP address is 192.168.1.5.
Configuring the Firewall with firewalld
Fedora uses firewalld for firewall management, which allows you to define precise access control rules:
Implement a Rich Rule: Add a firewall rule to permit SSH connections only from your specified IP address by executing:
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
This command creates a permanent rule in the public zone, authorizing SSH connections exclusively from the IP address 192.168.1.5.
Reload the Firewall: To activate your configuration, reload the firewall:
sudo firewall-cmd --reload
Verify Your Firewall Configuration
Ensure your settings are correctly applied by listing all active rules:
sudo firewall-cmd --list-rich-rules --zone=public
This command will display the rich rules within the public zone, including your SSH connection restriction.
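The steps above, wrapped in a POSIX shell script with checkable helper functions. This is an added example, not code from the original article. It assumes the public zone and, as a fact about Fedora's default firewalld configuration rather than something the article states, that the stock "ssh" service is enabled in that zone out of the box; an accept rich rule only makes the named source the sole permitted one once that generic service is removed, so the script removes it and then verifies both the rich rule and the service list. The real firewall-cmd calls run only when an address is passed on the command line; the parsing and validation helpers run offline against a constructed listing.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes firewalld with the
# "public" zone; the generic "ssh" service is removed so that the rich rule is
# the only rule admitting SSH. Run with the permitted address as argument:
#   sudo ./restrict_ssh.sh 192.168.1.5

ZONE="${ZONE:-public}"

# Accept only a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Build the rich rule text for one source address and one service (default ssh).
rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="%s" accept' "$1" "${2:-ssh}"
}

# Return 0 when the wanted rule appears, as a whole line, in a rich-rule listing
# (the listing text is passed in so this can be checked without firewalld).
rule_listed() {
    listing=$1; wanted=$2
    printf '%s\n' "$listing" | grep -Fxq -- "$wanted"
}

# Return 0 when "ssh" is still among the zone's generic services, i.e. SSH is
# still open to every source (input: output of --list-services).
ssh_service_open() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -Fxq ssh
}

# Apply the restriction on a real system: rich rule in, generic ssh service out,
# reload, then verify the running configuration.
apply_restriction() {
    addr=$1
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    rule=$(rich_rule "$addr")
    sudo firewall-cmd --permanent --zone="$ZONE" --add-rich-rule="$rule"
    sudo firewall-cmd --permanent --zone="$ZONE" --remove-service=ssh
    sudo firewall-cmd --reload
    listing=$(sudo firewall-cmd --zone="$ZONE" --list-rich-rules)
    rule_listed "$listing" "$rule" || { echo "rich rule not active" >&2; return 1; }
    services=$(sudo firewall-cmd --zone="$ZONE" --list-services)
    if ssh_service_open "$services"; then
        echo "warning: ssh service still open to all sources in zone $ZONE" >&2
        return 1
    fi
    echo "SSH in zone $ZONE is now accepted only from $addr"
}

# Offline self-check against a constructed firewall-cmd listing (sample data).
self_check() {
    sample_rules='rule family="ipv4" source address="192.168.1.5" service name="ssh" accept'
    sample_services='dhcpv6-client mdns ssh'
    rule_listed "$sample_rules" "$(rich_rule 192.168.1.5)" || return 1
    ssh_service_open "$sample_services" || return 1   # generic ssh still open
    valid_ipv4 192.168.1.5 || return 1
    valid_ipv4 192.168.1.256 && return 1
    return 0
}

if [ $# -gt 0 ]; then
    apply_restriction "$1"
else
    self_check && echo "offline checks passed"
fi
```

The verification half matters as much as the rule itself: listing the rich rules confirms the accept entry, but only the service list tells you whether SSH is still reachable from every other host in the zone.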
Important Considerations
- It’s assumed that the Fedora system and the laptop are on the same network subnet (192.168.1.0/24). You may need to adjust your setup according to your network’s configuration.
- Ensure the laptop’s IP address is static or reserved in your DHCP server settings to prevent connection issues due to dynamic IP assignment.