Limit Shell Access by IP address

Limit ssh access by IP address
To limit ssh access to a Linux box based on originating IP address, edit /etc/hosts.allow:

sshd : localhost : allow
sshd : 192.168.0. : allow
sshd : : allow
sshd : : allow
sshd : ALL : deny

The above entries allow ssh access from localhost, the 192.168.0.x subnet, the single IP address, and (assuming has a PTR record in place to facilitate reverse lookup). All other IP addresses will be denied access to sshd.

You can allow or deny based on IP address, subnet, or hostname. List rules in order of most to least specific. The file is read only until the first matching line is found, so if you start with sshd : ALL : deny, no ssh connections will be allowed.
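
The first-match behaviour described above, as an added example that is not part of the original post: a simplified Python model of how the rules are evaluated (IPv4 only, ALL is the only wildcard handled). The address 203.0.113.7 and the name host.example.com are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

def client_matches(pattern, ip, hostname=None):
    """Test one client pattern against the peer's IPv4 address and PTR name."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # "192.168.0." is an address prefix
        return ip.startswith(pattern)
    if pattern.startswith("."):          # ".example.com" is a domain suffix
        return bool(hostname) and hostname.lower().endswith(pattern.lower())
    if "/" in pattern:                   # net/mask form, e.g. 10.0.0.0/255.0.0.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip or (bool(hostname) and pattern.lower() == hostname.lower())

def evaluate(rules, daemon, ip, hostname=None):
    """Return (verdict, line_number) for the first matching rule.

    (None, None) means no rule matched, so hosts.deny would be consulted next.
    """
    for line_no, raw in enumerate(rules.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]   # IPv4-only simplification
        if len(fields) < 2:
            continue
        daemons = re.split(r"[,\s]+", fields[0])
        clients = re.split(r"[,\s]+", fields[1])
        verdict = fields[2].lower() if len(fields) > 2 and fields[2] else "allow"
        if daemon not in daemons and "ALL" not in daemons:
            continue
        if any(client_matches(c, ip, hostname) for c in clients if c):
            return verdict, line_no       # first match wins; later lines are ignored
    return None, None

# Constructed rule sets: 203.0.113.7 and host.example.com are placeholder values.
GOOD = """\
sshd : localhost : allow
sshd : 192.168.0. : allow
sshd : 203.0.113.7 : allow
sshd : host.example.com : allow
sshd : ALL : deny
"""
BAD = "sshd : ALL : deny\n" + GOOD       # catch-all deny listed first

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        for ip, host in (("192.168.0.42", None), ("198.51.100.20", "host.example.com"), ("198.51.100.9", None)):
            print(name, ip, host, evaluate(rules, "sshd", ip, host))
```

On a host with the TCP wrappers utilities installed, `tcpdmatch sshd <address>` runs the same kind of check against the real files.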

