Today I configured a new backup solution that required me to restrict root ssh access to a single IP for the root user.
I got this to work by going the following steps (on Raspbian GNU/Linux 9):
- login via ssh on the machine to access via root
- modify the /etc/ssh/sshd_config like that:
Shell1$> sudo nano /etc/ssh/sshd_config
- add the following lines to the end of the file:
123456789# change the ssh port to 666Port 666# disallow root access for everyone#PermitRootLogin no# allow root access for the IP 188.8.131.52 onlyMatch Address 184.108.40.206PermitRootLogin yes
As you can see, I additionally changed the default ssh port from 22 to 666 for a little bit more confusion of potential hackers 😉
after saving the file (Ctrl+o and Ctrl+x), I validated the configuration by:1sshd -T
- and finally I restarted the ssh daemon by:
1sudo /etc/init.d/ssh reload
That’s how to restrict root ssh access to a single IP under Raspbian! Afterwards I could only login from the machine 220.127.116.11 using the root user.