I am currently in the process of setting up and hardening a small VPS running Debian 11. I have already followed this guide, which involves some basic security measures. However, I would additionally like to limit SSH access to my home IP address and perhaps also 1 or 2 more. The issue is that my home IP is liable to change at any time.

Rather than IP addresses, I would like to whitelist one or more hostnames for SSH access. This would allow me to simply update one of my domain's DNS records whenever my home IP changes to restore my access to the VPS.

How can I do this within Debian itself without installing additional packages? Thank you so much.

-Collin

Collin
I wrote a longer explanation here https://serverfault.com/q/1109191/ on why using hostnames in firewall rules won't work as expected. The second problem you're dealing with is that most access controls that do allow you to properly set up access controls based on hostnames will still see an incoming IP-address and will need to do a reverse lookup to get the hostname for that IP-address before they can then grant/deny access based on that hostname. You most likely don't control the reverse DNS record of the dynamic IP-address that your ISP assigns you either, so that won't work. – HBruijn Sep 05 '22 at 15:19

1 Answer

Try the hosts.deny and hosts.allow files. You can use both IP wildcards and DNS name wildcards.

# FILE: /etc/hosts.deny (it will deny requests from 192.168.1.* and *.abc.com for ssh)
sshd : 192.168.1. , .abc.com

# FILE: /etc/hosts.allow (it will allow requests from 192.16.1.* and *.myabc.com for ssh)
sshd : 192.16.1. , .myabc.com

asktyagi
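
The comment above notes that access checks see only the client's IP address and that reverse DNS for a dynamic address is outside the user's control. The script below is an added example, not part of the original answer: it uses forward lookups only (`getent`, already present on Debian) and rewrites a single `sshd` rule in `/etc/hosts.allow`. The hostnames, the marker comment and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the answer. Hostnames are placeholders.
# For the rule to act as an allow-list, /etc/hosts.deny must also contain
# "sshd : ALL": per hosts_access(5), a client matching neither file is allowed.

# Resolve one hostname to IPv4 addresses, one per line (getent is in libc-bin).
resolve_v4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Print a hosts.allow rule for every address the hostnames resolve to.
# Returns 1 if nothing resolved. RESOLVER may name another lookup function.
render_sshd_allow() {
    addrs=""
    for host in "$@"; do
        for ip in $("${RESOLVER:-resolve_v4}" "$host"); do
            # Keep only digits and dots so a bad answer cannot add tokens.
            case "$ip" in *[!0-9.]*) continue ;; esac
            addrs="${addrs:+$addrs , }$ip"
        done
    done
    [ -n "$addrs" ] || return 1
    printf 'sshd : %s\n' "$addrs"
}

# Swap the managed rule in FILE; on lookup failure FILE is left untouched,
# so a DNS outage does not remove the last known-good address.
update_allow_file() {
    file=$1; shift
    rule=$(render_sshd_allow "$@") || return 1
    marker="# managed: dynamic sshd allow-list"
    tmp=$(mktemp) || return 1
    if [ -f "$file" ]; then
        # Drop the previous marker line and the rule that follows it.
        awk -v m="$marker" '$0==m {skip=1; next} skip {skip=0; next} {print}' \
            "$file" > "$tmp"
    fi
    printf '%s\n%s\n' "$marker" "$rule" >> "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Cron entry point (root): script --apply home.example.net
if [ "${1:-}" = "--apply" ]; then
    shift
    update_allow_file /etc/hosts.allow "$@"
fi
```

Between a home IP change and the next cron run the old address stays allowed and the new one does not, so the run interval bounds how long access is lost.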