If you have come across this article, chances are you are having issues accessing SSH (Secure Shell) on your recently acquired Tempest dedicated server after installing a Linux OS.
By default, Tempest drops all traffic towards your server. This is done to allow customers to configure their firewall exactly to their needs. Not only is this developed to keep your services more secure, but also to help prevent network attacks against your services. Due to this default drop-all rule, new customers will need to whitelist their SSH (Secure Shell) port in the Tempest Firewall.
In this guide, we will go over two different ways to accomplish this: IP Whitelisting and Port Whitelisting.
IP Whitelisting your SSH Port
IP Whitelisting is the most secure way to access SSH. IP Whitelisting means that our firewall will only allow the IP whitelisted to access the port, and prevent all other traffic from accessing the port.
Before starting, you will need to find your public IPv4 address. This can quickly be done by searching Google for "What is my IP". Google should provide you with a small box showing your public IP address.
Please note, you will need to make sure that you use your PUBLIC IP address. Many customers attempt to whitelist their PRIVATE IP address from Command Prompt. This will not work.
Once you have your public IP address, head over to the Tempest Firewall found HERE. You will need to make sure that you are logged into your Tempest Portal account to access the Firewall Manager.
Once you have accessed the Tempest Firewall Manager, you will need to make sure you have selected your service's IP.
Now that you have your service selected, and the correct service IP, you will want to click the "Create Rule" button. From here, you will want to use the following settings:
Option | Input | Notes |
---|---|---|
Rule Name | SSH - IP Specific | This name is used for your own documentation. This can be changed. |
Source IP | XXX.XXX.XXX.XXX/32 | You will place your PUBLIC IP here, with /32 at the end. THIS IS NOT YOUR SERVER IP. |
Protocol | TCP | |
SRC Port | EMPTY | Leave this empty, as SSH will use random source ports |
DST Port | 22 | This is your SSH port. Default is 22. |
Action | Allow | |
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the SSH port will be whitelisted to your IP!
Global Whitelisting of SSH Port
Global Whitelisting is a less secure way of whitelisting your SSH port. By setting a global whitelist, any IP is able to access your SSH port. While this does not mean they have access to your service, if your password is compromised, anyone will be able to access your SSH. Attackers may abuse this fact to cause SSH to temporarily lock out connections due to too many failed login attempts.
Following the same steps as above, you will want to access your Tempest Firewall Manager. When creating your firewall rule, use the following settings:
Option | Input | Notes |
---|---|---|
Rule Name | SSH - Enabled | This name is used for your own documentation. This can be changed. |
Source IP | 0.0.0.0/0 | 0.0.0.0/0 will allow any IP. |
Protocol | TCP | |
SRC Port | EMPTY | Leave this empty, as SSH will use random source ports |
DST Port | 22 | This is your SSH port. Default is 22. |
Action | Allow | |
Once done, click the "Create" button, and the firewall rule will be created! Please allow 15-45 minutes for the firewall rule to propagate across our global network, and once that timeframe is up, the SSH port will be whitelisted globally!
Please note, when creating a global rule, you should always apply one of our application filters to protect your ports! Using our TCP Symmetric filter on your SSH port is highly recommended!
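A quick way to sanity-check the Source IP value from either table before creating the rule is shown below. This is an added example, not part of the Tempest tooling: the function name `check_source_ip` is hypothetical, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

# Ranges that can never be a customer's public address.
NON_PUBLIC = {
    "RFC 1918 private": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
    "carrier-grade NAT": ["100.64.0.0/10"],
}

def check_source_ip(value, server_ip=None):
    """Classify a Source IP field value as 'ok', 'global' or 'reject'."""
    value = value.strip()
    if "/" not in value:
        return ("reject", "missing prefix length; use /32 for a single IP")
    try:
        # strict=True refuses host bits outside the mask, e.g. 192.0.2.5/24
        net = ipaddress.ip_network(value, strict=True)
    except ValueError as exc:
        return ("reject", f"not a valid CIDR: {exc}")
    if net.version != 4:
        return ("reject", "expected an IPv4 address")
    if net.prefixlen == 0:
        return ("global", "matches every source IP; SSH is reachable from anywhere")
    if net.prefixlen != 32:
        return ("reject", f"/{net.prefixlen} covers {net.num_addresses} addresses, not one")
    addr = net.network_address
    for label, ranges in NON_PUBLIC.items():
        if any(addr in ipaddress.ip_network(r) for r in ranges):
            return ("reject", f"{addr} is {label}, not a public IP")
    if server_ip and addr == ipaddress.ip_address(server_ip):
        return ("reject", "this is the server IP, not your own public IP")
    return ("ok", f"only {addr} may reach the SSH port")

if __name__ == "__main__":
    # Constructed sample inputs; 198.51.100.20 stands in for the server IP.
    samples = ["203.0.113.7/32", "192.168.1.10/32", "203.0.113.7",
               "198.51.100.20/32", "0.0.0.0/0"]
    for s in samples:
        verdict, reason = check_source_ip(s, server_ip="198.51.100.20")
        print(f"{s:20} {verdict:7} {reason}")
```

A `global` verdict is not an error, but it is the case where the application filter recommendation above applies.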