Recital

Login Register

HOWTO: Restrict ssh access by IP Address and/or username

Opening SSH to the outside world is a security risk. Here is how to restrict SSH access to certain IP addresses on a machine.

  1. Edit the /etc/hosts.allow file to include these lines, assuming your machine is on the 192.168.2.x nonrouting IP block, and you want to enable an external address of 217.40.111.121 IP block: Remember to add the period on the end of each incomplete IP number. If you have another complete IP address or range, add a space and that range on the end.

    sshd,sshdfwd-X11: 192.168.2. 217.40.111.121
  2. Edit your /etc/hosts.deny file to include this line:

    sshd,sshdfwd-X11:ALL 
  3. These lines refuse SSH connections from anyone not in the IP address blocks listed.

Additionally you can restrict SSH access by username.

  1. Edit the /etc/ssh/sshd_config file and add the following lines

    PermitRootLogin no
    AllowUsers      user1 user2 user3 etc
    PasswordAuthentication yes

Now restart the ssh daemon for these changes to take effect

service sshd restart




Twitter

Copyright © 2019 Recital Software Inc.

Login

Register

User Registration
or Cancel