Today I configured a new backup solution that required me to restrict root ssh access to a single IP for the root user.
I got this to work by going the following steps (on Raspbian GNU/Linux 9):
- login via ssh on the machine to access via root
- modify the /etc/ssh/sshd_config like that:
$> sudo nano /etc/ssh/sshd_config
- add the following lines to the end of the file:
# change the ssh port to 666 Port 666 # disallow root access for everyone# PermitRootLogin no # allow root access for the IP 184.108.40.206 only Match Address 220.127.116.11 PermitRootLogin yes
As you can see, I additionally changed the default ssh port from 22 to 666 for a little bit more confusion of potential hackers 😉
after saving the file (Ctrl+o and Ctrl+x), I validated the configuration by:
- and finally I restarted the ssh daemon by:
sudo /etc/init.d/ssh reload
That’s how to restrict root ssh access to a single IP under Raspbian! Afterwards I could only login from the machine 18.104.22.168 using the root user.