How To Restrict SSH Access Only To Specific IPs

For this tutorial we will use Linux's hosts.allow and hosts.deny files, which is pretty straightforward.

 

Step 1

Now we will allow a list of known IPs that should be able to log in over SSH. For that we need to add an entry to the /etc/hosts.allow file, so go ahead and open it with your favorite editor:

 

nano /etc/hosts.allow

and add the following line to allow the whitelisted IP blocks to reach your public SSH port.

 

sshd: 10.83.33.77/32, 10.63.152.9/32, 10.12.100.11/28, 10.82.192.0/28

This line allows every IP block in the comma-separated list to connect to your SSH port.

 

Note: make sure you double-check the IP addresses, or you will be blocked from SSH.

 

Step 2

Open up the /etc/hosts.deny file using your favorite text editor:

 

vi /etc/hosts.deny

and add the following line to deny all SSH connections to your public SSH port.

 

sshd: ALL

This line blocks all incoming SSH requests on your SSH port that are not matched by an entry in /etc/hosts.allow, which is checked first.
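
A pre-flight check to run before Step 2, added here as an example and not part of the original tutorial: it parses the sshd line from Step 1, flags entries whose address is not the network base address, and reports whether a given client IP would match. It assumes IPv4 patterns only and the strict net/mask comparison (client & mask) == net for TCP wrappers, under which an entry such as 10.12.100.11/28 never matches; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the sshd line shown in Step 1 of this tutorial.
SAMPLE_ALLOW = "sshd: 10.83.33.77/32, 10.63.152.9/32, 10.12.100.11/28, 10.82.192.0/28\n"


def parse_sshd_entries(text):
    """Return the client patterns listed on lines whose daemon list names sshd."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")  # IPv4 only: bracketed IPv6 would need more care
        daemons = fields[0].replace(",", " ").split()
        if "sshd" in daemons or "ALL" in daemons:
            entries.extend(fields[1].replace(",", " ").split())
    return entries


def host_bits_set(entries):
    """Entries written as address/mask where the address is not the network base."""
    flagged = []
    for entry in entries:
        try:
            iface = ipaddress.IPv4Interface(entry)
        except ValueError:
            continue  # hostname, wildcard or other pattern: not checked here
        if iface.ip != iface.network.network_address:
            flagged.append(entry)
    return flagged


def client_allowed(client_ip, entries):
    """Assumed matching rule: (client & mask) == net, with net taken as written."""
    addr = int(ipaddress.IPv4Address(client_ip))
    for entry in entries:
        try:
            iface = ipaddress.IPv4Interface(entry)
        except ValueError:
            continue
        if (addr & int(iface.network.netmask)) == int(iface.ip):
            return True
    return False


if __name__ == "__main__":
    entries = parse_sshd_entries(SAMPLE_ALLOW)
    print("entries:", entries)
    print("never match as written:", host_bits_set(entries))
    print("10.82.192.5 allowed:", client_allowed("10.82.192.5", entries))
```

Feed it the real contents of /etc/hosts.allow and the address you connect from (the first field of $SSH_CLIENT in your current session) before adding the deny rule.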

 

Regards,

 

Kon Belieu

Partner

Kon@cxit.com   |  513-575-3500


4440 Lake Forest Dr., Suite 102B, Cincinnati, OH  45242

 
