Only allow SSH keys from certain IP's

SSH keys are a great and easy way to quickly secure your server and remove the use of password authentication. It allows you to add another set of security when logging in via SSH, it also lets you allow machines talk to each other without passwords (Assuming the key isn’t password protected).

If you have machines with SSH keys logging in to eachother it’s a good idea to only allow that key from the machines IP. This can be done easily by adding the below snippet in front of your SSH keys

from="IPYouWantToLoginFrom"

This means that this key is only valid from the above listed IP, see the example below

from="192.168.0.5" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAybmcqaU/Xos/GhYCzkV+kDsK8+A5OjaK5WgLMqmu38aPo56Od10RQ3EiB42DjRVY8trXS1NH4jbURQPERr2LHCCYq6tHJYfJNhUX/COwHs+ozNPE83CYDhK4AhabahnltFE5ZbefwXW4FoKOO+n8AdDfSXOazpPas8jXi5bEwNf7heZT++a/Qxbu9JHF1huThuDuxOtIWl07G+tKqzggFVknM5CoJCFxaik91lNGgu2OTKfY94c/ieETOXE5L+fVrbtOh7DTFMjIYAWNxy4tlMR/59UVw5dapAxH9J2lZglkj0w0LwFI+7hZu9XvNfMKMKg+ERAz9XHYH3608RL1RQ==AnSSHKeyWhichIsIPProtected

The above means the SSH key can only be used from the IP 192.168.0.5 and if someone tried to login with it from another IP it wouldn’t be accepted.

James Loh

I'm a Sysadmin for a web solutions company deploying clouds across the globe. I learn new things every day.

Australia @itsjloh jloh jloh