Restrict SSH connections to wireguard cidr

Except on home server, still handy to connect on same network.
Jake Howard 2020-07-12 17:53:02 +01:00
parent a6a3982cc8
commit 9c0682ef9b
Signed by: jake
GPG key ID: 57AFB45680EDD477
3 changed files with 6 additions and 1 deletions

@ -0,0 +1 @@
expose_ssh: false
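Review bot: the bare `expose_ssh: false` here carries no comment saying what it controls. With this value the template emits `AllowUsers {{ user }}@{{ wireguard.cidr }}`, so every SSH login on the hosts this file applies to depends on the WireGuard tunnel being up. A one-line comment above the variable stating that, and noting that another access path is needed if the tunnel fails, would help whoever edits this file next.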

@ -0,0 +1 @@
expose_ssh: true
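Review bot: `expose_ssh: true` selects the unqualified `AllowUsers {{ user }}` branch of the template, which accepts that user from any source address, while the commit message only asks for access from the same network. Consider keeping a source restriction for this host as well, with one `{{ user }}@...` pattern for the local network's CIDR next to the one for `wireguard.cidr`, or rename the flag so it is clear that true means no source restriction at all.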

@ -2,8 +2,11 @@
# Change to a high/odd port if this server is exposed to the internet directly # Change to a high/odd port if this server is exposed to the internet directly
Port 7743 Port 7743
# Deny all other users besides the following {% if expose_ssh %}
AllowUsers {{ user }} AllowUsers {{ user }}
{% else %}
AllowUsers {{ user }}@{{ wireguard.cidr }}
{% endif %}
# Bind to all interfaces (change to specific interface if needed) # Bind to all interfaces (change to specific interface if needed)
ListenAddress 0.0.0.0 ListenAddress 0.0.0.0
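Review bot: `ListenAddress 0.0.0.0` in the trailing context is unchanged, so in the `{% else %}` branch sshd still accepts TCP connections on every interface and the new `AllowUsers {{ user }}@{{ wireguard.cidr }}` only rejects them at authentication time. If the intent is that SSH is reachable over WireGuard only, bind `ListenAddress` to the host's WireGuard address in that branch too, or pair the change with a firewall rule on port 7743. Separately, `{% if expose_ssh %}` relies on every host defining the variable; writing it as `expose_ssh | default(false)` would make the restricted form the explicit default.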