Securing SSH with a Firewall

When you connect a server, HeatShield automatically configures a firewall rule to allow access to the standard SSH port (22) from any IP address.

To change this rule, you can use a custom ruleset.

Limiting SSH to a Set of IP Addresses

If you want to allow SSH access from only a specific set of IP addresses, you can easily create a new ruleset in HeatShield.

If you haven't upgraded this server yet, do so now. Once you've upgraded, you'll be able to use custom rulesets on this server.

First, open your Rulesets page and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new SSH rule by selecting the policy, the destination, and the source.

Since you'll only be customizing the source, set the Policy to Allow and the Destination to SSH.

Select Custom from the Source dropdown and enter the IP address you would like to allow SSH access from. Click Add.

Repeat this step for each of the IP addresses you want to allow SSH access from.

If you would like to create a rule for a range of IP addresses, you must use CIDR notation; for example, 10.0.0.0/8 means any 10.* address (10.0.0.0-10.255.255.255).

HeatShield will automatically save any additions or deletions you make to this ruleset.
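The following is an added example, not part of HeatShield or its documentation: a short Python script that checks a list of source entries before you type them into a ruleset. It shows the address range each CIDR entry actually covers, flags entries whose host bits are set, and confirms whether a given client address is covered. The addresses, the variable names, and the function names are constructed for illustration.

```python
import ipaddress

def expand_sources(entries):
    """Parse single IPs and CIDR ranges into network objects.

    Returns (networks, errors). An entry with host bits set, such as
    10.0.0.5/8, is reported as an error instead of being silently widened.
    """
    networks, errors = [], []
    for entry in entries:
        try:
            # strict=True rejects ranges whose host bits are set
            networks.append(ipaddress.ip_network(entry.strip(), strict=True))
        except ValueError as exc:
            errors.append((entry, str(exc)))
    return networks, errors

def describe(network):
    """Return (first address, last address, address count) for a range."""
    return (str(network[0]), str(network[-1]), network.num_addresses)

def is_allowed(client_ip, networks):
    """True if client_ip falls inside at least one allowed source."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == net.version and addr in net for net in networks)

# Constructed sample data: documentation-range addresses, not real hosts.
SOURCES = ["203.0.113.7", "198.51.100.0/24", "10.0.0.0/8", "10.0.0.5/8"]
ADMIN_IP = "198.51.100.42"  # hypothetical address you administer from

if __name__ == "__main__":
    nets, errs = expand_sources(SOURCES)
    for net in nets:
        first, last, count = describe(net)
        print(f"{str(net):<20} {first} - {last} ({count} addresses)")
    for entry, reason in errs:
        print(f"rejected {entry}: {reason}")
    print("admin IP covered:", is_allowed(ADMIN_IP, nets))
```

Running the coverage check for the address you administer from, before the default SSH ruleset is removed, helps you avoid locking yourself out of the server.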

Changing the SSH Port

If you customized your server's SSH configuration to listen on a nonstandard port, you can easily create a ruleset to allow access to this port.

First, open your Rulesets page in HeatShield and click Create Ruleset.

Next, name your ruleset and click Create Ruleset.

Now, create a new SSH rule by selecting the policy, the destination, and the source.

Since you'll only be customizing the destination, set the Policy to Allow and the Source to Any.

Select Custom from the Destination dropdown and enter your new SSH port. Click Add.

HeatShield will autosave your ruleset.

Applying an SSH Ruleset

To apply an SSH ruleset to your server, open your server in HeatShield.

Select your custom SSH ruleset from the drop-down list and click Apply Ruleset.

Then, click Remove next to the default SSH ruleset.

Your new ruleset will now be applied to your server.

Remember, you can create any number of rulesets that can be applied to multiple upgraded servers, and each server can have multiple rulesets applied to it.

Last updated: August 29, 2016
