Binding an SSH server to a specific IP address lets you define which network interface SSH listens on. This is especially useful if your server has multiple network interfaces or IP addresses, because it ensures that SSH is only accessible via the desired IP.

Most distributions come with OpenSSH as the default SSH server, and the main configuration file for OpenSSH is sshd_config. By default, the SSH server listens on all available IP addresses and network interfaces.

To bind SSH to a specific IP address, edit the sshd_config file and set the desired IP address with the ListenAddress directive. This enhances security by restricting unwanted access through the other network interfaces.

Steps to bind SSH server to a specific IP address:

  1. Access your server terminal or SSH into it.
  2. Open the SSH configuration file using a text editor.
    $ sudo nano /etc/ssh/sshd_config
  3. Find the line that starts with #ListenAddress 0.0.0.0. Remove the # at the beginning to uncomment it.
  4. Modify the IP address (0.0.0.0) to the desired IP address. For instance, to bind to 192.168.1.100, it should look like:
    ListenAddress 192.168.1.100

    You can specify multiple ListenAddress directives if you want the SSH server to listen on more than one IP address.

  5. Save and close the configuration file.
  6. Restart the SSH service to apply the changes.
    $ sudo systemctl restart sshd

    Depending on your distribution, the SSH service might be named differently, like ssh or sshd.

  7. Verify that the SSH server is listening on the specified IP address.
    $ sudo netstat -tulnp | grep sshd
    tcp 0 0 192.168.1.100:22 0.0.0.0:* LISTEN 1234/sshd

    Ensure you have access to the server through another method before making these changes, in case of misconfiguration. Losing SSH access can lock you out!

With these steps completed, your SSH server should now be bound to the specific IP address you've provided, enhancing your server's security configuration.
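
The check in step 7 can be scripted. The following is an added example, not part of the original article: it reads `netstat -tulnp` text and reports any address sshd listens on that was not intended (including the `0.0.0.0` and `::` wildcards) and any intended address it is not listening on. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit sshd's listening addresses against an allow-list.
# Real use: sudo netstat -tulnp | audit_ssh_binding 192.168.1.100

# Print the local address of every TCP listener owned by sshd (one per line).
sshd_listen_addrs() {
    while read -r proto recvq sendq local_addr rest || [ -n "$proto" ]; do
        case "$proto" in tcp|tcp6) ;; *) continue ;; esac
        case "$rest" in *LISTEN*/sshd*) ;; *) continue ;; esac
        # Strip ":port" at the last colon so IPv6 addresses survive (":::22" -> "::").
        printf '%s\n' "${local_addr%:*}"
    done
}

# Usage: audit_ssh_binding ALLOWED_IP... < netstat_output
# Prints "UNEXPECTED addr" / "MISSING addr"; no output means the binding is as intended.
audit_ssh_binding() {
    listening=$(sshd_listen_addrs)
    printf '%s\n' "$listening" | while read -r addr; do
        [ -n "$addr" ] || continue
        case " $* " in
            *" $addr "*) ;;
            *) printf 'UNEXPECTED %s\n' "$addr" ;;
        esac
    done
    for want in "$@"; do
        printf '%s\n' "$listening" | grep -qxF -- "$want" || printf 'MISSING %s\n' "$want"
    done
}

# Constructed sample input (not captured from a real host).
SAMPLE_DEFAULT='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
tcp6 0 0 :::22 :::* LISTEN 1234/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 900/cupsd
udp 0 0 0.0.0.0:68 0.0.0.0:* 812/dhclient'
SAMPLE_BOUND='tcp 0 0 192.168.1.100:22 0.0.0.0:* LISTEN 1234/sshd'

echo "Default config (all interfaces):"
printf '%s\n' "$SAMPLE_DEFAULT" | audit_ssh_binding 192.168.1.100
echo "After ListenAddress 192.168.1.100:"
printf '%s\n' "$SAMPLE_BOUND" | audit_ssh_binding 192.168.1.100
```

An empty result for the second sample means sshd is bound only to 192.168.1.100; the first sample flags both the IPv4 and IPv6 wildcard listeners.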
