8. Configure your VM sshd to listen ONLY to your ZeroTier private IP address. Repeat step 2, notice the difference.


Public IP vs Private IP

A public IP address identifies you to the Internet so that all the information you’re searching for can find you. A private IP address is used within a private network to connect securely to other devices within that same network.
Using a private IP address is more secure than using a public IP address, because private IP addresses are not directly visible on the Internet. When a public IP address is used, additional measures are required to secure the computer or server that is exposing its services to the Internet, i.e. limiting the port exposure of administrative/management-control services.

How to configure VM sshd to listen only to ZeroTier private IP address?

We can reduce the attack surface of the VM by forcing sshd to listen only on the ZeroTier private IP address. This can be achieved using the ListenAddress option, which specifies the local addresses sshd should listen on. If this directive is omitted from the configuration file, sshd will bind to and listen on all available IP addresses.
Step 1: Open sshd_config using the command sudo nano /etc/ssh/sshd_config
Step 2: Specify the private IP address with ListenAddress.
Step 3: Save and close the file.
Step 4: Restart sshd using the command sudo systemctl restart sshd.
Step 5: Verify that sshd is only listening on the specified IP address.
Now, the VM sshd will listen only on the ZeroTier private IP address.
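The check in Step 5 can be scripted. The following is an added example, not part of the original write-up: the ZeroTier address 10.147.17.25, the function names, and the sample sshd_config and ss lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example: the ZeroTier IP and all sample data are constructed.
ZT_IP="10.147.17.25"

# Print each ListenAddress value from sshd_config text on stdin.
# The keyword is case-insensitive; commented-out lines do not match.
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { print $2 }'
}

# Read `ss -tln` output on stdin; print every socket listening on port $2
# whose local address is not $1 (for example 0.0.0.0, [::] or a public IP).
unexpected_listeners() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" {
            sock = $4
            n = split(sock, parts, ":")
            if (parts[n] != port) next      # a different service
            addr = substr(sock, 1, length(sock) - length(parts[n]) - 1)
            if (addr != ip) print sock
        }'
}

# Constructed sshd_config excerpt (Step 2 applied).
SAMPLE_CONFIG='Port 22
#ListenAddress 0.0.0.0
ListenAddress 10.147.17.25'

# Constructed `ss -tln` rows before and after the change.
SAMPLE_SS_BEFORE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'
SAMPLE_SS_AFTER='LISTEN 0 128 10.147.17.25:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

report() {  # $1 = label, stdin = ss output
    extra=$(unexpected_listeners "$ZT_IP" 22)
    echo "$1: ${extra:-port 22 is bound only to $ZT_IP}"
}

echo "configured: $(printf '%s\n' "$SAMPLE_CONFIG" | listen_addresses)"
printf '%s\n' "$SAMPLE_SS_BEFORE" | report before
printf '%s\n' "$SAMPLE_SS_AFTER" | report after

# On a live host, feed the functions real data instead of the samples:
#   sudo sshd -t                               # syntax-check before restarting
#   ss -tln | unexpected_listeners "$ZT_IP" 22
```

sshd can only bind to an address that is already assigned to an interface, so if the ZeroTier interface is not up when sshd starts, sshd will fail to bind. Keep console access to the VM available while making this change.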

Before vs After

By default, sshd listens for requests on all IP addresses. This means that you can SSH into the VM via any of its IP addresses, which makes it easy for an attacker to infiltrate the machine, as they can directly access the VM through the public IP. After configuring sshd, however, SSH traffic is restricted to a single IP address, the ZeroTier private IP address. As a result, any attempt to SSH into the VM via any other IP address will fail.
An example of an attempt to SSH into the VM using the public IP address after configuring sshd:
notion image
As shown in the screenshot above, the attempted connection was refused.
The only way to SSH into the VM was by using the private IP address as shown below:
notion image
Before joining ZeroTier and configuring sshd, we can see that there are many brute-force attempts on the VM every few seconds. This is because we are using a public IP and sshd is listening on all IP addresses. With a public IP, the VM is easily accessible as there are no SSH restrictions in place.
However, after joining the ZeroTier private network and configuring the sshd to listen only to a single IP address, no brute-force attempts could be found in the logs afterwards. Only my SSH login was found in the logs.
Through the use of ZeroTier and the sshd configuration, attackers need to attack the jump point instead of directly accessing the VM from the public IP. This reduces the attack surface, as the number of points that an attacker can use to access the VM has been reduced. Effectively, one has to attack the authorization and/or ZeroTier. This experiment shows the importance of having a secure network through the use of SDN.