How to open ssh 22/TCP port using ufw on Ubuntu/Debian Linux

How do I allow incoming SSH connections from a specific IP address or subnet on an Ubuntu or Debian Linux server using ufw? How do I open ssh 22/TCP port using ufw on an Ubuntu or Debian server?

Tutorial details
Difficulty: Easy
Root privileges: Yes
Requirements: ufw on Ubuntu/Debian Linux
Time: 5m

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy-to-use interface for the user. In this tutorial, you will learn how to use UFW, a frontend to iptables, to open the incoming SSH port on an Ubuntu Linux 16.04/18.04 LTS or Debian Linux server.

Fig.01: Allow Incoming SSH from Specific IP Address or Subnet

ssh is a client program for logging into a remote machine and for executing commands on a remote Linux or Unix computer. SSHD is the daemon program for ssh. Bots and unwanted people often target SSHD. Hence, you must protect your server.

Open SSH port using ufw

The syntax is as follows to open ssh port using ufw command:
$ sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
One can add the comment as follows:
$ sudo ufw allow 22/tcp comment 'Open port ssh tcp port 22'
If you are running ssh on TCP port # 2222, enter:
$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address

The syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from a specific IP address named 202.54.1.1, enter:
$ sudo ufw allow from 202.54.1.1 to any port 22

Opening ssh port using ufw for VPN IP

Say you have a VPN with a public IPv4 address of 139.1.2.3 and only want to allow ssh access from that IP. Then you would run:

export VPN_IP="139.1.2.3"  # VPN server/client address
export SERVER_PUB_IP="198.74.55.33"  # server IPv4 address
export SSH_PUB_PORT="22"   # server ssh port number 
sudo ufw allow from "$VPN_IP" to "$SERVER_PUB_IP" port "$SSH_PUB_PORT" proto tcp comment 'Only allow VPN IP to access SSH port'

Verify it:

sudo ufw status
sudo ufw show added

Here is the confirmation:

Added user rules (see 'ufw status' for running firewall):
ufw allow from 139.1.2.3 to 198.74.55.33 port 22 proto tcp comment 'Only allow VPN IP to access SSH port'

How to allow incoming SSH from specific subnets

The syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
Alternatively:
$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp
We can state destination sshd server IP too using the ufw:
$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp
Let us allow incoming SSH connections from a specific IP subnet named 202.54.1.1/29, enter:
$ sudo ufw allow from 202.54.1.1/29 to any port 22
In this final example, to allow SSH connections from the IP subnet 10.8.0.0/24 to 10.8.0.1 on destination TCP port 22, enter:
$ sudo ufw allow from 10.8.0.0/24 to 10.8.0.1 port 22 proto tcp

Limit incoming SSH port for all

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp

How to check the status of ufw

The syntax is:
$ sudo ufw status
Sample outputs:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
72.14.190.12 443/tcp       ALLOW       Anywhere                  
72.14.190.12 80/tcp        ALLOW       Anywhere                  

If ufw was not enabled, the output would be:

sudo ufw status
Status: inactive

To turn UFW on with the default set of rules, including the open SSH port, enter:
$ sudo ufw enable
$ sudo ufw status verbose
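
After adding source-restricted rules, it is worth checking the status output for an older SSH rule that is still open to Anywhere. The shell function below is an added example, not part of the original tutorial: the names audit_ssh_rules and sample_status and the sample status text are constructed for illustration, and rules listed by application profile name instead of port number are not matched.

```shell
#!/bin/sh
# Added example: classify SSH rules found in `ufw status` output (stdin).
# On a live host (assumption): sudo ufw status | audit_ssh_rules 22
audit_ssh_rules() {
    awk -v port="${1:-22}" '
    {
        act = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^(ALLOW|LIMIT|DENY|REJECT)$/) { act = i; break }
        if (act < 2) next        # header, separator or blank line
        # Destination port is the last "To" token; skip a "(v6)" suffix.
        to = $(act - 1)
        if (to == "(v6)" && act > 2) to = $(act - 2)
        if (to != port && to != (port "/tcp")) next
        # Source is the first token after the action and optional direction.
        s = act + 1
        if ($s == "IN" || $s == "OUT") s++
        src = $s
        if ($act == "LIMIT")                          verdict = "RATE-LIMITED"
        else if ($act != "ALLOW")                     verdict = "BLOCKED"
        else if (src == "Anywhere")                   verdict = "OPEN"
        else                                          verdict = "RESTRICTED"
        print verdict, src
    }'
}

# Constructed sample combining rules from this tutorial; not real host output.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
72.14.190.12 443/tcp       ALLOW       Anywhere
198.74.55.33 22/tcp        ALLOW       139.1.2.3    # Only allow VPN IP to access SSH port
10.8.0.1 22/tcp            ALLOW       10.8.0.0/24
22/tcp (v6)                LIMIT       Anywhere (v6)
EOF
}

sample_status | audit_ssh_rules 22
```

Any line reported as OPEN means the port is still reachable from every address, regardless of the narrower rules listed beside it.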

Conclusion

You learned how to open the ssh port using ufw on an Ubuntu or Debian Linux server. See the ufw home page for more info.

