The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restricting SSH access to a specific IP for a specific user

Discussion in 'Security' started by Valetia, Jan 1, 2014.

  1. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Is there any way to restrict SSH access to a specific IP for just a particular user (rather than on a server-wide basis)?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    You can use a custom "AllowUsers" entry in the /etc/ssh/sshd_config file to limit access to specific IP addresses for specific users. EX:

    Code:
    AllowUsers root@1.2.3.4 cptest1
    This above entry would allow root access from IP 1.2.3.4 and the "cptest1" user access from any IP address.

    Thank you.
     
  3. Valetia

    Valetia Well-Known Member

    Joined:
    Jun 20, 2002
    Messages:
    207
    Likes Received:
    1
    Trophy Points:
    18
    cPanel Access Level:
    Root Administrator
    Thanks Michael for your help.

    Does this mean that by using this method, we will have no choice but to add every single user that has been configured via WHM to have SSH access, to the "AllowUsers" entry?

    So if we had 80 cPanel users with SSH enabled, we would need to add all 80 users to the "AllowUsers" entry, in order to perform the IP restriction for a single user?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, that is correct:

     
  5. monarobase

    monarobase Well-Known Member

    Joined:
    Jan 26, 2010
    Messages:
    503
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    France
    cPanel Access Level:
    Root Administrator
    We only allow public key authentication and for each key you can specify what IP's are allowed to use it. This means that if password authentication is disabled and your only public key for your root user is restricted to your IP that you are the only person who can log in with the root user.

    This doesn't work with password auth though.
     
Loading...

Share This Page