Restricting SSH access to a specific IP for a specific user

Valetia

Well-Known Member
cPanel Access Level
Root Administrator
Is there any way to restrict SSH access to a specific IP for just a particular user (rather than on a server-wide basis)?
 

cPanelMichael

Administrator
Staff member
Hello :)

You can use a custom "AllowUsers" entry in the /etc/ssh/sshd_config file to limit access to specific IP addresses for specific users. EX:

Code:
AllowUsers root@1.2.3.4 cptest1
The above entry would allow root access from IP 1.2.3.4 and the "cptest1" user access from any IP address.

Thank you.
 

Valetia

Well-Known Member
cPanel Access Level
Root Administrator
Thanks Michael for your help.

Does this mean that by using this method, we will have no choice but to add every single user that has been configured via WHM to have SSH access, to the "AllowUsers" entry?

So if we had 80 cPanel users with SSH enabled, we would need to add all 80 users to the "AllowUsers" entry, in order to perform the IP restriction for a single user?
 

cPanelMichael

Administrator
Staff member
Yes, that is correct:

AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. ‘*’ and ‘?’ can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
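
The behaviour confirmed in the reply above, as an added example that is not part of the original thread and is not OpenSSH code: a simplified Python model of the AllowUsers check, plus a helper that builds the line for every SSH-enabled account. The function names, the cptest2/cptest3 accounts and the 203.0.113.9 address are constructed for illustration; only the `*` and `?` wildcards and matching on the client IP are modelled.

```python
# Added example: simplified model of sshd's AllowUsers check (not OpenSSH code).
# Assumptions: only '*' and '?' wildcards; no CIDR masks, no '!' negation,
# and the HOST part is compared with the client IP only (no reverse DNS).
import re

def wildcard_match(pattern, value):
    """Match value against a pattern where '*' and '?' are the only wildcards."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def login_allowed(allow_users, user, client_ip):
    """Return True if (user, client_ip) matches any AllowUsers pattern.

    An empty list models a config with no AllowUsers line, where login
    is allowed for all users by default.
    """
    if not allow_users:
        return True
    for pattern in allow_users:
        user_pat, sep, host_pat = pattern.partition("@")
        if not wildcard_match(user_pat, user):
            continue
        # USER@HOST form: USER and HOST are checked separately.
        if sep and not wildcard_match(host_pat, client_ip):
            continue
        return True
    return False

def build_allow_users(ssh_users, restrictions):
    """Build the AllowUsers line. Every SSH-enabled user has to appear;
    restricted users get one USER@IP entry per permitted address."""
    entries = []
    for user in ssh_users:
        ips = restrictions.get(user)
        if ips:
            entries.extend(f"{user}@{ip}" for ip in ips)
        else:
            entries.append(user)
    return "AllowUsers " + " ".join(entries)

# Constructed sample data: account names and addresses are placeholders.
SSH_USERS = ["root", "cptest1", "cptest2"]
LINE = build_allow_users(SSH_USERS, {"root": ["1.2.3.4"]})
PATTERNS = LINE.split()[1:]

if __name__ == "__main__":
    print(LINE)
    for user, ip in [("root", "1.2.3.4"), ("root", "203.0.113.9"),
                     ("cptest2", "203.0.113.9"), ("cptest3", "203.0.113.9")]:
        print(f"{user:8} from {ip:12} allowed={login_allowed(PATTERNS, user, ip)}")
```

After editing the real /etc/ssh/sshd_config, `sshd -t` checks the file for syntax errors before the daemon is restarted.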
 

monarobase

Well-Known Member
PartnerNOC
France
cPanel Access Level
Root Administrator
We only allow public key authentication, and for each key you can specify which IPs are allowed to use it. This means that if password authentication is disabled and your only public key for your root user is restricted to your IP, then you are the only person who can log in with the root user.

This doesn't work with password auth though.