Binding SSH to a specific IP address lets you control which network interfaces the SSH server listens on. This matters if your server has multiple IP addresses or network interfaces. It limits SSH access to the specified IP address only, which enhances security by reducing potential entry points.

The configuration is done in the sshd_config file, which is the main configuration file for the OpenSSH server on most Linux distributions. By default, SSH listens on all available IP addresses and interfaces. Changing this ensures that SSH is reachable only through the desired IP address, preventing unwanted access through other interfaces.

To bind SSH to a specific IP address, you need to modify the ListenAddress directive in the sshd_config file. This change instructs the SSH server to listen only on the specified IP address. This configuration requires careful steps to avoid losing access to the server.

Steps to bind SSH server to a specific IP address:

  1. Access your server terminal.
  2. Open the sshd_config file in a text editor.
    $ sudo vi /etc/ssh/sshd_config
  3. Locate the ListenAddress directive in the file.
  4. Set the directive to the desired IP address.
    ListenAddress 192.168.1.100

    You can specify multiple ListenAddress directives if you want the SSH server to listen on more than one IP address.

    Uncomment the ListenAddress directive if it’s commented.

  5. Save and close the sshd_config file.
  6. Restart the SSH service to apply the changes.
    $ sudo systemctl restart ssh
  7. Verify that SSH is listening on the specified IP address.
    $ sudo netstat -tulnp | grep ssh
    tcp 0 0 192.168.1.100:22 0.0.0.0:* LISTEN 1234/sshd

    Ensure you have access to the server through another method before making these changes, in case of misconfiguration. Losing SSH access can lock you out!
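
The check in step 7 can be scripted. The following is an added example, not part of the original article: it compares the active ListenAddress entries with the sockets sshd actually holds open and flags any leftover wildcard bind. The function names and sample data are constructed, and it assumes IPv4 ListenAddress entries and the `netstat -tulnp` column layout shown above.

```shell
#!/bin/sh
# Added example (not from the original page): compare the ListenAddress values
# in sshd_config with the sockets sshd actually holds open.
# Assumption: IPv4 ListenAddress entries, optionally with ":port".

# Active (uncommented) ListenAddress values; sshd keywords are case-insensitive.
configured_addrs() {
    awk 'tolower($1) == "listenaddress" { sub(/:[0-9]+$/, "", $2); print $2 }' "$1" | sort -u
}

# Local addresses of sshd listeners, from `netstat -tulnp` output on stdin.
listening_addrs() {
    awk '$6 == "LISTEN" && $7 ~ /\/sshd/ { sub(/:[0-9]+$/, "", $4); print $4 }' | sort -u
}

# audit CONFIG NETSTAT_FILE: report listeners not in the config (UNEXPECTED)
# and configured addresses with no listener (MISSING). Returns 1 on any finding.
audit() {
    want=$(configured_addrs "$1")
    have=$(listening_addrs < "$2")
    rc=0
    for a in $have; do
        printf '%s\n' "$want" | grep -qxF -- "$a" || { echo "UNEXPECTED $a"; rc=1; }
    done
    for a in $want; do
        printf '%s\n' "$have" | grep -qxF -- "$a" || { echo "MISSING $a"; rc=1; }
    done
    return $rc
}

# Constructed sample data: a config fragment and two netstat captures.
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
#ListenAddress 0.0.0.0
ListenAddress 192.168.1.100
EOF
cat > "$tmp/good.txt" <<'EOF'
tcp 0 0 192.168.1.100:22 0.0.0.0:* LISTEN 1234/sshd
EOF
cat > "$tmp/stale.txt" <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1234/sshd
tcp6 0 0 :::22 :::* LISTEN 1234/sshd
EOF

audit "$tmp/sshd_config" "$tmp/good.txt" && echo "good.txt: matches config"
audit "$tmp/sshd_config" "$tmp/stale.txt" || echo "stale.txt: sshd not restarted or edit not applied"
```

On a live host, pass the real /etc/ssh/sshd_config and a file holding the output of the netstat command from step 7.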
