Linux: Allow SSH Root Login From Specific IP with password

August 02, 2022
0

 Allow ssh root logins with password from a single IP address and disable root logins from other IP addresses.

To enable root logins via ssh, PermitRootLogin keyword has to be set to yes in the /etc/ssh/sshd_config (OpenSSH daemon configuration) file. To disable root logins, PermitRootLogin has to be set to no instead.

To allow only certain hosts or IP addresses to ssh as the root user, the Match Address keyword can be used.
The example vim /etc/ssh/sshd_config:

## Global config
PasswordAuthentication no
PermitRootLogin without-password

## Okay allow root login with public ssh key for xx.xx.xxx.xxx ##
Match Address xx.xx.xxx.xxx,xxx.xxx.xxx.xxx
    PasswordAuthentication yes
    PermitRootLogin yes

Restart sshd service:

service sshd restart

The arguments to Match (docs) are one or more criteria-pattern pairs or the single token All which matches all criteria. The available criteria are UserGroupHostLocalAddressLocalPortRDomain, and Address (with RDomain representing the rdomain(4)-(docs) on which the connection was received).







Tags
sshssh root loginsshd

You Might Like

Show more
ssh

Post a Comment

0 Comments

Post a Comment (0)

#buttons=(Ok, Go it!) #days=(20)

This site uses cookies from Google to deliver its services and analyze traffic. Your IP address and user-agent are shared with Google along with performance and security metrics to ensure quality of service, generate usage statistics, and to detect and address abuse. More Info
Ok, Go it!
Share to other apps
Copy Post link