Server Access

Sometimes Seeweb technicians need to connect to customer servers for maintenance or to verify their correct operation. If you wish to allow this, it is important that you do not inadvertently lock them out.

ACL

Server access

You need to allow SSH or RDP access from our office networks:

  • 212.25.179.128/25
  • 85.94.206.128/26
  • 2001:4b78:1:f::/64
  • 2001:4b78:2:f::/64

Please notify us via ticket if you change the SSH or RDP port.

We also recommend not filtering ICMP echo request (PING) traffic in any way, as it is an essential tool for diagnosing connectivity issues.

Monitoring

You need to allow our monitoring server access to all monitored services, from the following IPs:

  • 212.25.160.15
  • 2001:4b78::5666

SSH access

On all Linux servers, an SSH public key is installed for the root user; it must remain installed if you wish to allow us access to the server. We recommend not disabling direct root access, but if you prefer you can restrict it to SSH keys only by setting the parameter PermitRootLogin without-password in /etc/ssh/sshd_config.

If root login with our public key is not allowed, you forgo all our automated activities, including any emergency security updates.

To grant our staff access, the file /root/.ssh/authorized_keys must contain our SSH certificate authority (CA) entry (for systems with RHEL/CentOS >= 7, Debian >= 8, Ubuntu >= 14.04):

cert-authority,principals="seeweb-customer",from="212.25.179.128/25,85.94.206.128/26,2001:4b78:1:f::/64,2001:4b78:2:f::/64" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOL/S1SD6hroj4Dra8wKE+5/BK+CwHzWNvQBVevyf6CT ca-2020@seeweb.it

or our SSH public key (for older systems):

from="212.25.179.128/25,85.94.206.128/26,2001:4b78:1:f::/64,2001:4b78:2:f::/64" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtsoQuq4mvgAWP6yHbdTo2aFtp4S3IbGq0vnDT5P5LqYuG50APdpY5HqPAwJ2Ct6fsyKY+TTYEQXIKfIqAt9D1Dx9mBCcHVvjjiCp0ZBNc1Hh4AEaHxJTIATcuNDdKoMVmp1QzHOIxoGQEbbKAJ97lSdpHFOnxpS9fTYyflQ1hLk= master-key@seeweb.it
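A way to check, after hardening a server, that the entry and root login setting described above are still intact. This is an added example, not Seeweb tooling: the function names are hypothetical, and the sample input is constructed from the CA entry shown above.

```python
import re

# CA key blob, principal and networks are the ones listed on the page.
CA_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIOL/S1SD6hroj4Dra8wKE+5/BK+CwHzWNvQBVevyf6CT"
NETS = ["212.25.179.128/25", "85.94.206.128/26",
        "2001:4b78:1:f::/64", "2001:4b78:2:f::/64"]
# [options] keytype blob; option values may be quoted and contain commas.
ENTRY = re.compile(r'^(?!#)(?:((?:[^\s"]|"(?:[^"\\]|\\.)*")+)\s+)??((?:ssh|ecdsa|sk)-\S+)\s+(\S+)')
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|$)')

def parse_entry(line):
    """Return (options, key_type, key_blob), or None for comments and junk."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return dict(OPTION.findall(m.group(1) or "")), m.group(2), m.group(3)

def root_login_setting(sshd_config):
    """First global PermitRootLogin value (sshd keeps the first one it reads)."""
    for raw in sshd_config.splitlines():
        words = raw.split("#")[0].split()
        if words and words[0].lower() == "match":
            break                       # conditional blocks are not evaluated here
        if len(words) >= 2 and words[0].lower() == "permitrootlogin":
            return words[1].lower()
    return None                         # not set: sshd's built-in default applies

def audit(authorized_keys, sshd_config):
    """List what would lock the provider out; an empty list means access is intact."""
    entries = filter(None, map(parse_entry, authorized_keys.splitlines()))
    opts = next((o for o, _, blob in entries if blob == CA_BLOB), None)
    if opts is None:
        problems = ["CA key missing from authorized_keys"]
    else:
        checks = [("cert-authority" in opts, "CA key is not marked cert-authority"),
                  (opts.get("principals") == "seeweb-customer", "principals changed"),
                  (set(opts.get("from", "").split(",")) == set(NETS),
                   "from= list differs from the documented networks")]
        problems = [msg for ok, msg in checks if not ok]
    setting = root_login_setting(sshd_config)
    if setting in ("no", "forced-commands-only"):
        problems.append(f"PermitRootLogin {setting} blocks root key login")
    return problems

# Constructed sample input, assembled from the values above.
SAMPLE_KEYS = ('cert-authority,principals="seeweb-customer",from="%s" '
               'ssh-ed25519 %s ca-2020@seeweb.it' % (",".join(NETS), CA_BLOB))
SAMPLE_SSHD = "PermitRootLogin without-password\n"
if __name__ == "__main__":
    print(audit(SAMPLE_KEYS, SAMPLE_SSHD) or "provider access intact")
```

The check reads the files as text only; on a live server, `sshd -T` prints the effective configuration, including defaults that this script does not resolve.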