How to open ssh 22TCP port using ufw on UbuntuDebian Linux

HOW TO OPEN SSH 22/TCP PORT USING UFW



WHAT IS UFW?


WHAT IS UFW

UFW stands for Uncomplicated Firewall. It is a front end to the iptables packet filtering system which you can use as an alternative to using raw iptables. It does this by providing an abstraction of the lower-level details (policies, interfaces) from network security settings thereby simplifying a workflow around configuring and maintaining working solutions for system administrators as well developers.

UFW's KEY FEATURES INCLUDE:


Application profiles: UFW ships a couple of pre-configured application profiles to cover popular applications and services like Apache or Bind.

IPv6 support: UFW supports IPv4 and IPV protocol as well so you do not have to worry for compatibility with the latest network infrastructure.

There is some specific traffic allowed, and also there is a default deny policy that will prevent all incoming traffic from the system.

Debugging and auditing — UFW logs every packet that it denies in transparent mode, as well OpenDPI application layer filtering using the LOG target built into the kernel; logging of "deny" packets also includes source addresses via syslog.

It is important because UFW makes it very easy and quick for administrators to configure a firewall on their systems to protect against unwanted traffic as well as controlling user access. UFW can reduce the complexity and mitigate these risks by providing a simple command line syntax for managing firewall rules. UFW is one of the most used tools by system administrators and Linux users.



UFW CONFIGURATION FOR SSH CONNECTIONS


UFW CONFIGURATION FOR SSH CONNECTIONS

How can I use ufw to enable inbound SSH connections on Linux servers such as Ubuntu or Debian from a given IP address or subnet? On an Ubuntu or Debian server, how do I use ufw to open the SSH 22/TCP port?

The abbreviation for simple firewall is UFW. Goal ufw is to give the user an easy interface while administering a Linux firewall. This guide will teach you how to open an incoming SSH port or connection on an Ubuntu Linux 16.04/18.04/20.04/24.04 LTS or Debian Linux Server using UFW.



HOW TO SET UP UFW ON UBUNTU/DEBIAN


HOW TO SET UP UFW ON UBUNTU_DEBIAN


SSH PORT OPENED WITH UFW


To use the ufw command to open an SSH port, the syntax is as follows:
sudo ufw allow ssh
OR
sudo ufw allow 22/tcp


The following is how one can add a comment:
sudo ufw allow 22/tcp comment 'Open port ssh tcp port 22'


Enter the following if you are using SSH on TCP port 2323:
sudo ufw allow 2323/tcp




ALLOWING SSH CONNECTIONS


In this example, I'll set up my server to accept SSH connections only from IP addresses 172.16.3.100 and 172.16.4.0/24 subnets (CIDR):
sudo ufw allow from 172.16.3.100 to any port 22
sudo ufw allow from 172.16.4.0/24 to any port 22 proto tcp


Verify it:
sudo ufw status


Status: active
To					Action			From
--					------			----
22/tcp				ALLOW			172.16.4.0/24


Try using the grep or egerp commands for filtering if you have a lot of UFW rules. For example:
sudo ufw status | grep -i -E 'ssh|22'




HOW TO ALLOW CONNECTIONS FROM A SPECIFIC IP ADDRESS TO SSH


Although the syntax is the same as before, we will also be restricting the destination IP address:
sudo ufw allow from {IP_ADDRESS_HERE} to any port 22


Enter the following to accept incoming SSH connections from the IP address 121.14.2.1:
sudo ufw allow from 121.14.2.1 to any port 22


Allow, for example, 200.106.28.0/24 to 200.106.29.1 SSH server and TCP port 22:
sudo ufw allow from 200.106.28.0/24 to 200.106.29.1 port 22 proto tcp comment 'Allow SSH'




HOW TO ACCEPT SSH CONNECTIONS FROM PARTICULAR SUBNETS


This is the syntax:
sudo ufw allow from {IP_SUB/net} to any port 22


Alternatively:
sudo ufw allow from {IP_SUB/net} to any port 22 proto tcp


With the ufw, we can also specify the IP address of the target SSH server:
sudo ufw allow from {IP_SUB/net} to {ssh-server-ip-address} port 22 proto tcp


Now that we have permitted inbound SSH connections from the IP address 220.55.1.1/29, type:
sudo ufw allow from 220.55.1.1/29 to any port 22


In the last example, open and permit SSH port connections to 10.7.0.1 with a destination TCP port 22 from a certain IP subnet, 10.7.0.0/24.
sudo ufw allow from 10.7.0.0/24 to 10.7.0.1 port 22 proto tcp




LIMIT ALL INCOMING SSH PORTS


Allow incoming SSH connections, but refuse connections from an IP address that has made at least six connection attempts in the previous 30 seconds. This is the syntax:
sudo ufw limit ssh
OR
sudo ufw limit 22/tcp




HOW TO VIEW THE UFW STATUS


This is the syntax:
sudo ufw status


Sample outputs:

Status: active

To								Action			From
--								------			----
22								ALLOW			Anywhere                  
72.14.190.12 443/tcp				ALLOW			Anywhere                  
72.14.190.12 80/tcp				ALLOW			Anywhere


if ufw was not enabled the output would be:

sudo ufw status

Status: inactive


Enter the following to activate UFW with the default rules, which include an open SSH port:

sudo ufw enable
sudo ufw status verbose




IN SUMMARY


You discovered how to use ufw on an Ubuntu or Debian Linux server to open the SSH port. If you follow these rules you can effectively use UFW to safeguard your Linux system.

FAQs

You ask, and we answer! Here are the most frequently asked questions!

  • What are the primary benefits of using UFW on Ubuntu/Debian servers?

    • UFW is a great tool for managing firewalls on Ubuntu/Debian servers, as it helps reduce the complexity of maintaining firewall rules and decrease system impact. This seems to be a very good choice for those who use Ubuntu/Debian OS, if you do not use it yet I advise because the syntax is simple and its interface user friendly.

  • How can UFW be configured to allow SSH connections only from specific IP addresses?

    • You must establish a UFW rule that lists the permitted IP addresses in order to accomplish this.
      For example:
      sudo ufw allow from 121.14.2.1 to any port 22.

  • What are some common security practices for SSH when using UFW?

    • - Using UFW rules to restrict SSH connections to particular IP addresses or subnets.
      - Limiting SSH access to an uncommon port in order to lessen brute-force assaults.
      - To lessen the attack surface, set a low timeout value for SSH sessions.

  • How do you verify that your UFW rules are correctly configured for SSH?

    • Use the command sudo ufw status to verify UFW settings. The output will display all of the rules that are currently being used (including SSH-related ones) You can also use sudo ufw display particular rules to go into a greater depth for any specific rule.

  • What are the steps to troubleshoot common UFW configuration errors?

    • 1. Review UFW logs: You can accomplish this by using the commands "sudo ufw logs" or "sudo ufw status verbose".
      2. Examine the files for UFW configuration: Make that the appropriate rules are present in the UFW configuration files and that they are formatted correctly. "/etc/ufw/ufw.conf"
      3. Verify rule ordering: UFW processes rules in the order they are listed, make sure the rule ordering is accurate. To see the rules and their order, use the command `sudo ufw show added`.

  • How can you enhance the security of SSH beyond the basic UFW settings?

    • - Use a non-standard port: To lessen the chance of brute-force assaults.
      - Limit access to specified IP addresses or networks.
      - Disable password authentication and root login.
      - Update and check your SSH server on a regular basis: Make sure you're using the most recent version of SSH.

  • What should be done if a necessary SSH connection is blocked by UFW?

    • However, if you ever lock yourself out from the server because of a firewall misconfiguration, one solution is to temporarily disable UFW with sudo ufw deactivate. This way you can eventually create the SSH connection. Allowing incoming SSH connections as follows is more secure: sudo ufw allow ssh