Configuring SSH to listen only on a private network
You can further secure your server by running SSHd only on the backend network. Therefore, you need to connect to the VPN every time you need to access SSH.
-
Locate the following file. Use this file to define the IP address for
sshd
.# nano /etc/ssh/sshd_config
-
Locate the line that contains
ListenAddress 0.0.0.0
. If it begins with a '#' character, remove this character. Set the IP address to the IP that you want to listen on. You can find your internal IP address by selecting *Hardware from the IBM Cloud® console. -
After you make the change, restart the SSH service:
# service sshd restart
Your shell window doesn't disconnect when you restart the service. Verify that you can connect to the server through the new SSH port before you exit your current shell window. If a problem occurs, SSH fails to restart and you need to connect to the server by using an alternative method.