SSH Login Lockdown

Currently I have my router (Cheap POS AT&T uverse router) set up for port forwarding to my Unraid server for remote SSH administration. While checking through the logs I have seen about 20 attempts to log into root through SSH from random IP addresses. I have a set, static amount of locations that I will ever do remote administration from, and I know each location's exit IP. My question is: how do I only allow remote connections to my server from specific public IP addresses, preferably by port? That way I can only allow SSH and web administration from my IP addresses but still be able to share out my Plex to whomever is authenticated through Plex (port 32400).

You may be able to lock down ssh via /etc/hosts.allow and /etc/hosts.deny.

You cannot lock down emhttp the same way.

Therefore I would suggest you do the lock down and IP validation for these ports directly on your router.

It's probably not a bad idea to run ssh on a nonstandard, high numbered port.

Sent from a phone, sorry for any typos

Wouldn't you be better off closing port 22 and using some type of remote access into another computer on your network and perform your administration from there?

  • Author

Wouldn't you be better off closing port 22 and using some type of remote access into another computer on your network and perform your administration from there?

This is how I was doing my administration (through TeamViewer), but I ran into issues where I needed to get to my server and TeamViewer wasn't working on my home PC for whatever reason. Also, I would prefer to have the clipboard functionality. Remote web administration isn't a requirement, just something that would be nice to have.

 

It's probably not a bad idea to run ssh on a nonstandard, high numbered port.

Sent from a phone, sorry for any typos

I didn't think about this, I'll have to read up on how to do that.

You may be able to lock down ssh via /etc/hosts.allow and /etc/hosts.deny.

You cannot lock down emhttp the same way.

Therefore I would suggest you do the lock down and IP validation for these ports directly on your router.

I'll try out the hosts files and see if that works. I may end up having to buy a cheap router and load up DD-WRT for the rest of it then.

For remote web administration I used squid to proxy my http via ssh.

I use SecureCRT on my Windows desktop.

I set up SecureCRT localhost port 3128 to forward through the SSH tunnel to the remote machine's 3128.

I then set up a separate browser (Firefox) to proxy all http to localhost 3128.

Squid is running on the remote machine's 3128 and proxies all http locally in that network.

In my setup I have the SSH daemon set up with specific addresses in the /etc/hosts.allow file.

There are probably better ways, that's how I've been doing it for years.
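Added example, not written by any poster in this thread: the original post mentions repeated root login attempts in the logs and a fixed set of known exit IPs, so this Python script tallies sshd log entries by source address against such an allowlist. The addresses (documentation ranges), the hostname, the log lines and the function names are all constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed allowlist standing in for the admin's known exit IPs.
ALLOWED = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/28")]

# Constructed sample lines in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Mar  3 02:11:45 Tower sshd[4121]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 02:11:49 Tower sshd[4121]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 02:15:02 Tower sshd[4130]: Failed password for invalid user admin from 192.0.2.91 port 40210 ssh2
Mar  3 08:30:17 Tower sshd[4302]: Failed password for root from 203.0.113.10 port 60001 ssh2
Mar  3 08:30:25 Tower sshd[4302]: Accepted password for root from 203.0.113.10 port 60001 ssh2
Mar  3 09:02:00 Tower sshd[4410]: Accepted password for root from 192.0.2.200 port 33333 ssh2
"""

# Captures outcome, user name and source address of an sshd auth message.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def is_allowed(ip):
    """True if the address falls inside one of the allowlisted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED)

def audit(log_text):
    """Return (failed attempts per outside IP, accepted logins from outside IPs)."""
    failed = Counter()
    accepted_outside = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd login result line
        outcome, user, ip = m.groups()
        if is_allowed(ip):
            continue  # traffic from a known admin location
        if outcome == "Failed":
            failed[ip] += 1
        else:
            accepted_outside.append((user, ip))
    return failed, accepted_outside

if __name__ == "__main__":
    failed, accepted = audit(SAMPLE_LOG)
    for ip, n in failed.most_common():
        print(f"{n:3d} failed logins from non-allowlisted {ip}")
    for user, ip in accepted:
        print(f"ALERT: accepted login for {user} from non-allowlisted {ip}")
```

Once a hosts.allow or router restriction is in place, any accepted login this reports from outside the allowlist means the restriction is not actually being enforced.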

 

Archived

This topic is now archived and is closed to further replies.
