SSHD: Allow SSH Connections from localhost only
I am doing some MPI development on my notebook using the MPICH MPI implementation. This implementation needs an rsh/ssh connection to work properly. I was reluctant to run a full sshd instance on my notebook as I didn’t want to open up port 22 to the world to attempt to gain access (even with password authentication disabled, root login disabled, etc.). I did some digging and found that the sshd_config setting 'ListenAddress' would allow me to force sshd to bind to the interface associated with the specified address. So, for example:
ListenAddress 127.0.0.1
tells sshd to bind to lo, the loopback device. This means connections over eth* and wlan* will not work as sshd isn’t even listening on these interfaces. As far as I can tell this will do exactly what I’m looking for as I only want ssh working on my local machine and not over interfaces other than lo.
