Do you need to open SSH port 22/TCP using ufw on an Ubuntu or Debian server?
This guide will help you.
UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy-to-use interface for the user.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to configure their Server Firewall for Security enhancement purposes.
In this context, we shall look into the steps to use UFW, a frontend to iptables, to open the incoming SSH port / connection on an Ubuntu Linux 16.04/18.04 LTS or Debian Linux server.
ssh is a client program for logging into a remote machine and for executing commands on a remote Linux or Unix computer. An example of an ssh tool is PuTTY. SSHD is the daemon program for ssh. Bots and unwanted people often target SSHD. Hence, you must protect your server.
To open the ssh port using the ufw command, execute:
$ sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
If you are running ssh on TCP port 2222, execute:
$ sudo ufw allow 2222/tcp
To allow incoming SSH connections from a specific IP address, the syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from a specific IP address named "xxx.xx.x.x", run:
$ sudo ufw allow from xxx.xx.x.x to any port 22
Say you have a VPN with a public IPv4 address xxx.xx.x.x and only want to allow ssh access from that IP. Then you would run:
$ export VPN_IP="xxx.xx.x.x" # VPN server/client address
$ export SERVER_PUB_IP="xxx.xx.x.x" # server IPv4 address
$ export SSH_PUB_PORT="22" # server ssh port number
$ sudo ufw allow from "$VPN_IP" to "$SERVER_PUB_IP" port "$SSH_PUB_PORT" proto tcp comment 'Only allow VPN IP to access SSH port'
To allow incoming SSH connections from a specific IP subnet, the syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
Alternatively:
$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp
We can also specify the destination sshd server IP with ufw:
$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp
Let us allow incoming SSH connections from a specific IP subnet named xxx.xx.x.x/10, enter:
$ sudo ufw allow from xxx.xx.x.x/10 to any port 22
In this final example, allow and open SSH port connections from a specific IP subnet named xxx.xx.x.x/10 to xxx.xx.x.x and destination tcp port 22, enter:
$ sudo ufw allow from xxx.xx.x.x/10 to xxx.xx.x.x port 22 proto tcp
Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The command to implement this is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp
To check the firewall status and the current rules, run:
$ sudo ufw status
If ufw is not enabled, the output will be:
$ sudo ufw status
Status: inactive
To turn on UFW with the default set of rules, including the open SSH port, execute:
$ sudo ufw enable
$ sudo ufw status verbose
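To review which of the rules above actually ended up covering the SSH port, the ufw status output can be classified by source. The following is an added example, not part of the original guide: the helper name audit_ssh_rules is hypothetical, and the sample status text (with documentation-range addresses) is constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the rules that cover the SSH port in `ufw status` output.
# Live use (assumption: run on the server itself): sudo ufw status | audit_ssh_rules 22

# Constructed sample of `ufw status` output; addresses are documentation ranges.
SAMPLE_STATUS='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
22                         ALLOW       203.0.113.0/24
198.51.100.7 22/tcp        ALLOW       192.0.2.10                 # Only allow VPN IP to access SSH port
80/tcp                     ALLOW       Anywhere
2222/tcp                   ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)'

# audit_ssh_rules PORT  (hypothetical helper name; reads status text on stdin)
# Prints one line per matching inbound rule:
#   OPEN <from>          allowed from any source, no rate limit
#   RATE-LIMITED <from>  allowed from any source, but through `ufw limit`
#   RESTRICTED <from>    allowed from the listed address or subnet only
# Rules added by application profile name (e.g. "OpenSSH") are not matched.
audit_ssh_rules() {
    awk -v port="${1:-22}" '
        /^Status: inactive/ { print "INACTIVE"; exit }
        match($0, / (ALLOW|LIMIT)( IN)? +/) {
            to     = substr($0, 1, RSTART - 1)
            action = substr($0, RSTART + 1, 5)      # "ALLOW" or "LIMIT"
            from   = substr($0, RSTART + RLENGTH)
            if (from ~ /^OUT /) next                # outbound rule, not relevant
            sub(/ +#.*$/, "", from)                 # drop the rule comment
            sub(/ +$/, "", from); sub(/ +$/, "", to)
            # "To" ends in PORT or PORT/tcp, optionally tagged "(v6)".
            if (to !~ ("(^| )" port "(/tcp)?( \\(v6\\))?$")) next
            if (from !~ /^Anywhere/)    print "RESTRICTED " from
            else if (action == "LIMIT") print "RATE-LIMITED " from
            else                        print "OPEN " from
        }
    '
}

printf '%s\n' "$SAMPLE_STATUS" | audit_ssh_rules 22
```

An OPEN line for the SSH port means any host can attempt a login without rate limiting, which is the case the limit and allow-from rules in this guide are meant to replace.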