IBM Cloud Docs
Configuring SSH to listen only on a private network

Configuring SSH to listen only on a private network

You can further secure your server by running SSHd only on the backend network. Therefore, you need to connect to the VPN every time you need to access SSH.

  1. Locate the following file. Use this file to define the IP address for sshd.

    # nano /etc/ssh/sshd_config
    
  2. Locate the line that contains ListenAddress 0.0.0.0. If it begins with a '#' character, remove this character. Set the IP address to the IP that you want to listen on. You can find your internal IP address by selecting *Hardware from the IBM Cloud® console.

  3. After you make the change, restart the SSH service:

    # service sshd restart
    

Your shell window doesn't disconnect when you restart the service. Verify that you can connect to the server through the new SSH port before you exit your current shell window. If a problem occurs, SSH fails to restart and you need to connect to the server by using an alternative method.