×



Do you need to open ssh 22/TCP port using ufw on Ubuntu or Debian server?

This guide will help you.

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy to use interface for the user.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to configure their Server Firewall for Security enhancement purposes.
In this context, we shall look into the steps to use UFW a frontend to iptables for open incoming SSH port / connection on Ubuntu Linux 16.04/18.04 LTS or Debian Linux server.


More information about SSH client?

ssh is a client program for logging into a remote machine and for executing commands on a remote Linux or Unix computer. An example of an ssh tool is Putty. SSHD is the daemon program for ssh. Bots and unwanted people often target SSHD. Hence, you must protect your server.


How to Open SSH port using ufw?

The command to execute is as follows to open ssh port using ufw command:

sudo ufw allow ssh

OR

$ sudo ufw allow 22/tcp

If you are running ssh on TCP port # 2222, execute:

$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address?

The command to execute is given below:

$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22

To allow incoming SSH connections from a specific IP address named "xxx.xx.x.x", run:

$ sudo ufw allow from xxx.xx.x.x to any port 22

How to open ssh port using ufw for VPN IP?

Say you have a VPN with a public IPv4 address xxx.xx.x.x and only wanted to ssh access from that IP. Then you would run:

export VPN_IP="xxx.xx.x.x"  # VPN server/client address
export SERVER_PUB_IP="xxx.xx.x.x"  # server IPv4 address
export SSH_PUB_PORT="22"   # server ssh port number 
sudo ufw allow from $VPN_IP to "$SERVER_PUB_IP port $SSH_PUB_PORT proto tcp comment 'Only allow VPN IP to access SSH port'

How to allow incoming SSH from specific subnets?

The command to achieve this is:

$ sudo ufw allow from {IP_SUB/net} to any port 22

Alternatively:

$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp

We can state destination sshd server IP too using the ufw:

$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp

Let us allow incoming SSH connections from a specific IP subnet named xxx.xx.x.x/10, enter:

$ sudo ufw allow from xxx.xx.x.x/10 to any port 22

In this final example, allow and opne SSH port connections from a specific IP subnet named xxx.xx.x.x/10 to xxx.xx.x.x and destination tcp port 22, enter:

$ sudo ufw allow from xxx.xx.x.x/10 to xxx.xx.x.x port 22 proto tcp

How to Limit incoming SSH port for all?

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The command to implement this is:

$ sudo ufw limit ssh

OR

$ sudo ufw limit 22/tcp

How to check the status of ufw?

The command to run is:

$ sudo ufw status

if ufw was not enabled the output would be:

sudo ufw status
Status: inactive

To turn on UFW on with the default set of rules including open SSH port, execute:

$ sudo ufw enable
$ sudo ufw status verbose

[Need urgent Linux support? We are available to help you.]


Conclusion


More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com