Restrict SSH connections to wireguard cidr
Except on the home server, where it is still handy to connect from the same network.
parent
a6a3982cc8
commit
9c0682ef9b
3 changed files with 6 additions and 1 deletions
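--- a/ansible/group_vars/all/ssh.yml
+++ b/ansible/group_vars/all/ssh.yml
@@ -0,0 +1 @@
+expose_ssh: false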
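--- a/ansible/host_vars/intersect.yml
+++ b/ansible/host_vars/intersect.yml
@@ -0,0 +1 @@
+expose_ssh: true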
|
@ -2,8 +2,11 @@
|
||||||
# Change to a high/odd port if this server is exposed to the internet directly
|
# Change to a high/odd port if this server is exposed to the internet directly
|
||||||
Port 7743
|
Port 7743
|
||||||
|
|
||||||
# Deny all other users besides the following
|
{% if expose_ssh %}
|
||||||
AllowUsers {{ user }}
|
AllowUsers {{ user }}
|
||||||
|
{% else %}
|
||||||
|
AllowUsers {{ user }}@{{ wireguard.cidr }}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Bind to all interfaces (change to specific interface if needed)
|
# Bind to all interfaces (change to specific interface if needed)
|
||||||
ListenAddress 0.0.0.0
|
ListenAddress 0.0.0.0
|
||||||
|
|
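Review bot: In the sshd template section (its file header is not shown on this page), the `{% else %}` branch restricts only who may log in, while `ListenAddress 0.0.0.0` stays as it was. With `expose_ssh: false` the daemon therefore still accepts TCP connections on port 7743 from every network and turns non-WireGuard clients away only at authentication, so the pre-auth surface is unchanged. Consider making `ListenAddress` conditional on `expose_ssh` as well, binding to the host's WireGuard address (that variable is not visible here), or pairing this with a firewall rule on the port. The commit also drops `# Deny all other users besides the following`; I would keep it above the `{% if expose_ssh %}` line and add a comment in the else branch such as `# expose_ssh is false: logins accepted only from the WireGuard CIDR`. Worth noting in the description too that hosts without `expose_ssh: true` become unreachable over SSH whenever the tunnel is down.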