How to open ssh port using ufw on Ubuntu/Debian Linux


How do I allow incoming SSH connections from a specific IP address or subnet on an Ubuntu or Debian Linux server using ufw? How do I open the ssh port using ufw on an Ubuntu or Debian server?

UFW is an acronym for uncomplicated firewall. It is used for managing a Linux firewall and aims to provide an easy-to-use interface for the user. In this tutorial, you will learn how to use UFW, a frontend to iptables, to open the incoming SSH port / connection on an Ubuntu Linux 16.04/18.04 LTS or Debian Linux server.

ssh is a client program for logging into a remote machine and for executing commands on a remote Linux or Unix computer. SSHD is the daemon program for ssh. Bots and unwanted people often target SSHD. Hence, you must protect your server.

Open SSH port using ufw

The syntax is as follows to open ssh port using ufw command:
$ sudo ufw allow ssh
OR
$ sudo ufw allow 22/tcp
One can add a comment to the rule as follows:
$ sudo ufw allow 22/tcp comment 'Open port ssh tcp port 22'
If you are running ssh on TCP port # 2222, enter:
$ sudo ufw allow 2222/tcp

How to allow incoming SSH from specific IP address

The syntax is:
$ sudo ufw allow from {IP_ADDRESS_HERE} to any port 22
To allow incoming SSH connections from the specific IP address 202.54.1.1, enter:
$ sudo ufw allow from 202.54.1.1 to any port 22

How to allow incoming SSH from specific subnets

The syntax is:
$ sudo ufw allow from {IP_SUB/net} to any port 22
OR
$ sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp
OR
$ sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp
To allow incoming SSH connections from the specific IP subnet 202.54.1.1/29, enter:
$ sudo ufw allow from 202.54.1.1/29 to any port 22
To allow incoming SSH connections from the specific IP subnet 10.8.0.0/24 to 10.8.0.1 on tcp port 22, enter:
$ sudo ufw allow from 10.8.0.0/24 to 10.8.0.1 port 22 proto tcp

Limit incoming SSH port for all

Open incoming SSH but deny connections from an IP address that has attempted to initiate 6 or more connections in the last 30 seconds. The syntax is:
$ sudo ufw limit ssh
OR
$ sudo ufw limit 22/tcp

How to check the status of ufw

The syntax is:
$ sudo ufw status
Sample outputs:

Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere                  
72.14.190.12 443/tcp       ALLOW       Anywhere                  
72.14.190.12 80/tcp        ALLOW       Anywhere                  

If ufw was not enabled, the output would be:

$ sudo ufw status
Status: inactive
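
An added example, not part of the original tutorial: a shell function that reads `ufw status` text and reports, for a given SSH port, whether each matching rule is open to everyone, rate-limited, or restricted to a source address. The function name `ssh_exposure`, the OPEN/LIMITED/RESTRICTED labels and the sample status text are constructed for illustration; only numeric ports in the To column are matched.

```shell
#!/bin/sh
# Added example: classify how `ufw status` output exposes an SSH port.
# Prints one line per matching inbound rule: OPEN, LIMITED or RESTRICTED.
ssh_exposure() {
    port="${1:-22}"
    awk -v port="$port" '
    {
        # Locate the Action column; rule lines are "<To> <Action> <From>".
        a = 0
        for (i = 2; i <= NF; i++)
            if ($i == "ALLOW" || $i == "LIMIT") { a = i; break }
        if (!a) next                  # header, DENY/REJECT or blank line

        # Does the To column name our port ("22", "22/tcp", "10.8.0.1 22/tcp")?
        hit = 0
        for (i = 1; i < a; i++) {
            p = $i; sub(/\/(tcp|udp)$/, "", p)
            if (p == port) hit = 1
        }
        if (!hit) next

        # First From token; "status verbose" prints a direction after the action.
        f = a + 1
        if ($f == "OUT" || $f == "FWD") next
        if ($f == "IN") f++
        any = ($f == "Anywhere")
        src = $f
        if ($(f + 1) == "(v6)") src = src " (v6)"

        if (!any)                print "RESTRICTED " src
        else if ($a == "LIMIT")  print "LIMITED " src
        else                     print "OPEN " src
    }'
}

# Constructed sample in the format printed by `sudo ufw status` (not real output).
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       202.54.1.1
10.8.0.1 22/tcp            ALLOW       10.8.0.0/24
22/tcp                     LIMIT       Anywhere
2222/tcp                   ALLOW       Anywhere
22/tcp (v6)                LIMIT       Anywhere (v6)
EOF
}
sample_status | ssh_exposure 22
```

On a live server, pipe the real output in instead: `sudo ufw status | ssh_exposure 22`. An OPEN line means the port accepts connections from any address without rate limiting.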

To turn on UFW with the default set of rules, including the open SSH port rule added above, enter:
$ sudo ufw enable
$ sudo ufw status verbose

Conclusion

You learned how to open the ssh port using ufw on an Ubuntu or Debian Linux server. See the ufw home page for more info.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting.