SSH keys are a great and easy way to quickly secure your server and remove the use of password authentication. They add another layer of security when logging in via SSH, and they also let machines talk to each other without passwords (assuming the key isn't password protected).
If you have machines with SSH keys logging in to each other, it's a good idea to only allow that key from the machine's IP. This can be done easily by adding the below snippet in front of your SSH keys.
This means that the key is only valid from the above listed IP; see the example below.
from="192.168.0.5" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAybmcqaU/Xos/GhYCzkV+kDsK8+A5OjaK5WgLMqmu38aPo56Od10RQ3EiB42DjRVY8trXS1NH4jbURQPERr2LHCCYq6tHJYfJNhUX/COwHs+ozNPE83CYDhK4AhabahnltFE5ZbefwXW4FoKOO+n8AdDfSXOazpPas8jXi5bEwNf7heZT++a/Qxbu9JHF1huThuDuxOtIWl07G+tKqzggFVknM5CoJCFxaik91lNGgu2OTKfY94c/ieETOXE5L+fVrbtOh7DTFMjIYAWNxy4tlMR/59UVw5dapAxH9J2lZglkj0w0LwFI+7hZu9XvNfMKMKg+ERAz9XHYH3608RL1RQ== AnSSHKeyWhichIsIPProtected
The above means the SSH key can only be used from the IP 192.168.0.5, and if someone tried to log in with it from another IP it wouldn't be accepted.
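As an added example (not part of the original post), this Python script audits the contents of an authorized_keys file and reports keys that have no from= restriction or whose from= list contains wildcards. The function names, the sample entries and the wildcard check are assumptions made for illustration, and the key blobs are placeholders.

```python
import re

# A line with no options starts directly with a public key type name.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+|sk-\S+)$")

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = '''\
# hosts allowed to log in to this account
from="192.168.0.5" ssh-rsa AAAAB3PLACEHOLDER backup@db1
ssh-ed25519 AAAAC3PLACEHOLDER deploy@ci
no-pty,from="10.0.0.*,192.168.0.5" ssh-rsa AAAAB3PLACEHOLDER sync@web
command="/usr/bin/rsync --server, -a" ssh-rsa AAAAB3PLACEHOLDER rsync@nas
'''

def parse_line(line):
    """Return (options, keytype, comment) for one authorized_keys entry.
    Escaped quotes inside option values are not handled."""
    fields, buf, quoted = [], "", False
    for ch in line.strip() + " ":
        if ch == '"':
            quoted = not quoted
        if ch in " \t" and not quoted:
            if buf:
                fields.append(buf)
            buf = ""
        else:
            buf += ch
    opts = {}
    if not KEY_TYPE.match(fields[0]):
        # Options are comma-separated; commas inside quotes belong to a value.
        for opt in re.findall(r'(?:[^,"]|"[^"]*")+', fields.pop(0)):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')
    return opts, fields[0], " ".join(fields[2:])

def audit(text):
    """List (comment, finding) for keys not pinned to specific source hosts."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _keytype, comment = parse_line(line)
        src = opts.get("from")
        if src is None:
            findings.append((comment, "no from= restriction"))
        elif "*" in src or "?" in src:
            findings.append((comment, "wildcard in from=" + src))
    return findings

if __name__ == "__main__":
    for comment, finding in audit(SAMPLE):
        print(f"{comment}: {finding}")
```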
I'm a Sysadmin for a web solutions company deploying clouds across the globe. I learn new things every day.