Last Updated: February 25, 2016
·
62.08K
· codebison

Limit ssh access by IP address

#linux
#ssh

To limit ssh access to a linux box based on originating IP address, edit /etc/hosts.allow:

sshd : localhost : allow
sshd : 192.168.0. : allow
sshd : 99.151.250.7 : allow
sshd : mydomain.net : allow
sshd : ALL : deny

The above entry will allow ssh access from localhost, the 192.168.0.x subnet, the single IP address 99.151.250.7, and mydomain.net (assuming mydomain.net has a ptr record in place to facilitate reverse lookup). All other IP addresses will be denied access to sshd.

Notes:

  • You can allow or deny based on ip address, subnet, or hostname.
  • List rules in order of most to least specific. The file only gets read until a matching line is found, so if you start with ssdh : ALL : deny, no ssh connections will be allowed.
  • You can control access to other tcp wrapped services as well - see the hosts.allow man page for details: http://linux.die.net/man/5/hosts.allow
#linux
#ssh

Written by Cameron Oltmann

Say Thanks
Respond

Related protips

Remote Access to IPython Notebooks via SSH

302.7K
24

Access EC2 Linux box over ssh without .pem file

97.34K
22

ssh/sftp using private key

38.53K
0

Have a fresh tip? Share with Coderwall community!

Post
Post a tip
Best #Linux Authors
cheglastgnat
302.5K
#linux
#Python
#shell
barnettjw
258K
#linux
#css
#powershell
mehikmat
201.7K
#linux
#Shell
#java
sdepablos
198K
#linux
#MySQL
#Symfony2
projectcleverweb
166.4K
#linux
#javascript
#css
Related Tags
#linux
#ssh
Sponsored by
#native_company#
#native_desc#
#native_cta#
Filed Under
Tools
Awesome Job
See All Jobs
Post a job for only $299
Thanks to our sponsor
Sponsored by #native_company# — Learn More
#native_title# #native_desc#
#native_cta#