If you want to block access to the local LAN only, then that is correct. My best suggestion would be to secure your SSH and thus not worry so much if it's accessed by some other host on the network. If you restrict it to one user, have a very secure password and/or SSH key only then your attack surface is relatively limited. But that's a personal choice ultimately.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to avahi in Ubuntu. https://bugs.launchpad.net/bugs/1698317 Title: AllowUsers *@*.local in /etc/ssh/sshd_config does not work Status in avahi package in Ubuntu: Invalid Status in openssh package in Ubuntu: Invalid Bug description: I installed Ubuntu Mate 16.04 on two of my computers. The software has been brought uptodate to at least May 2017. They are both on my local wifi network and should both be using Zeroconf/Avahi/Bonjour. I have the same username on both machines. I copied /usr/share/doc/avahi-daemon/examples/ssh.service to /etc/avahi/services $ sudo service avahi-daemon restart I installed sshd on "faustino" $ sudo apt-get install openssh-server With the default /etc/ssh/sshd_config I can succesfully ssh to faustino thus $ ssh -v localhost /* from faustino */ $ ssh -v faustino.local /* from faustino */ $ ssh -v faustino.local /* from the other computer */ I modified /etc/ssh/sshd_config) to add LogLevel VERBOSE PermitRootLogin no AllowUsers *@*.local $ sudo systemctl restart ssh Now I get, for example $ ssh faustino.local [email protected]'s password: Permission denied, please try again. That fails from the same machine, from another machine and if I try ssh localhost. All those worked before I put those directives in. I expected all attempts to ssh from .local addresses to work and all others to fail. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1698317/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
