How to add SSH access IP whitelist?


Howard Kwong

May 31, 2018, 8:55:41 AM
to gce-discussion
Hi,

I was advised by a security vendor that I should limit the access to SSH to the GCP instance (Debian in this case).
I tried adding firewall rules to deny TCP:22 access from all IPs, which is successful.

But I am not able to add a single IP address into the allow list. I tried to add a single IP but it seems the rule is not effective.

Any clue is much appreciated. Thanks

Kamran (Google Cloud Support)

May 31, 2018, 6:50:01 PM
to gce-discussion
Hello Howard,

As described in this article, a rule with a deny action overrides another with an allow action only if the two rules have the same priority. Using relative priorities, it is possible to build allow rules that override deny rules, and vice versa.

Therefore, if you've created a single rule to deny all source IP addresses for TCP:22 protocol/port, then to allow a single IP to access the SSH service of the VM you will need to create the allow action rule with a higher priority. Note that lower integers indicate higher priorities.

I hope this helps.

Howard Kwong

Jun 5, 2018, 9:11:15 AM
to gce-discussion
Thanks Kamran,

Is there a way to add just an IP instead of an IP range?

Kamran (Google Cloud Support)

Jun 5, 2018, 7:55:10 PM
to gce-discussion

Sure, you can specify just one IP address instead of range(s) in the source or destination IP ranges fields.
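
Added example, not part of the thread and not Google's code: a small Python model of the evaluation order described in the replies above (the matching rule with the lowest priority number wins, and deny wins a tie), applied to constructed rules. The rule names, the priorities 900/1000/2000 and the documentation address 203.0.113.10 are assumptions chosen for illustration.

```python
import ipaddress

def evaluate_ingress(rules, src_ip, port):
    """Return (action, rule_name) for a TCP connection to `port` from `src_ip`.

    Among matching rules the lowest priority number wins; if an allow and a
    deny rule match at the same priority, the deny rule wins.
    """
    src = ipaddress.ip_address(src_ip)
    matches = [
        r for r in rules
        if port in r["ports"]
        and any(src in ipaddress.ip_network(cidr) for cidr in r["sources"])
    ]
    if not matches:
        # Nothing matched: modelled here as the implied deny for ingress traffic.
        return ("deny", "implied-deny-ingress")
    # Sort key: priority number first, then deny (False) ahead of allow (True).
    best = min(matches, key=lambda r: (r["priority"], r["action"] != "deny"))
    return (best["action"], best["name"])

# Constructed sample data (hypothetical names and addresses).
ADMIN_IP = "203.0.113.10"
OTHER_IP = "198.51.100.7"
DENY_ALL_SSH = {"name": "deny-ssh-all", "priority": 1000, "action": "deny",
                "sources": ["0.0.0.0/0"], "ports": {22}}

def allow_admin(priority):
    """Allow rule for one address; a bare IP is parsed as a /32 network."""
    return {"name": "allow-ssh-admin", "priority": priority, "action": "allow",
            "sources": [ADMIN_IP], "ports": {22}}

if __name__ == "__main__":
    for prio in (2000, 1000, 900):
        rules = [DENY_ALL_SSH, allow_admin(prio)]
        print(f"allow rule at priority {prio}:",
              "admin ->", evaluate_ingress(rules, ADMIN_IP, 22),
              "| other ->", evaluate_ingress(rules, OTHER_IP, 22))
```

Only the allow rule at priority 900 lets the admin address through; at 1000 or 2000 the deny rule still decides, which matches the symptom in the original question.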