Deny SSH access by ip address on cpanel


Deny SSH access by ip address on cpanel


There are many ways available to secure SSH on cPanel Server. We can deny SSH access to all other ip address except from our ISP ips.  In order to allow our ip address and deny all other ips use the following method.

From within your WHM head to Security Center >> Host Access Control.
Here we can add in some rules to control who can access sshd.

Example

Daemon            Access List                              Action                         Comments
sshd              115.119.26.146                           allow                         working ISPs
sshd              ALL                                      deny                          Deny all other ips

 

Limit SSH per IP and user
You can limit ssh using /etc/hosts.deny and /etc/hosts.allow. We can use instead of this will deal with the AllowUsers feature in SSH that will limit access per user, and if desired per ip.

To enable this edit /etc/ssh/sshd_config (default location on centos servers, this may be different for you).

At the very bottom you can add

AllowUsers root

This will limit access to only user root. All other login attempts will fail. This will stop the chance of a brute force attach getting into your server as any user but root.

You can also add an IP address

AllowUsers root@115.119.26.146 admin@15.19.26.146

This above setting will allow user root from 115.119.26.146 user admin from 15.19.26.146

Restart SSHD service

You must restart SSH for the changes to take place. On centos servers that is /etc/init.d/sshd restart type service sshd restart in console/terminal or go to Restart Services >> SSH Server (OpenSSH).

Bu cevap yeterince yardımcı oldu mu?

Diğer Dökümanlar


  • cPanel accounts missing on List Accounts

    If your cPanel accounts missing on List Accounts WHM > List Accounts but It was created already. It may be corrupt the following file. Anyway, verify the following files entries. Check...

  • cPanel security settings checklist

    You always use cpanel recommended Security Settings to avoid hacking and other suspicious activity. These  cPanel Server Hardening & Security tips will help prevent from hacking. cPanel...

  • cPanel security settings checklist

    You always use cpanel recommended Security Settings to avoid hacking and other suspicious activity. These  cPanel Server Hardening & Security tips will help prevent from hacking. cPanel...

  • cPanel security settings checklist

    You always use cpanel recommended Security Settings to avoid hacking and other suspicious activity. These  cPanel Server Hardening & Security tips will help prevent from hacking. cPanel...

  • sendmail Not running with correct effective GID

    Wed Sep 04 04:11:11 2014] [error] [client 11.44.33.22] sendmail: Not running with correct effective GID.  Is sendmail binary setgid mailtrap?, It may be the problem with your sendmail binary...