SSH限制ip登陸

linux限制IP訪問ssh

 

在/etc/hosts.allow輸入   
(其中192.168.10.88是你要允許登陸ssh的ip,或者是一個網段192.168.10.0/24)   
sshd:192.168.10.88:allow   
    
在/etc/hosts.deny輸入(表示除了上面允許的，其他的ip   都拒絕登陸ssh)   
sshd:ALL

 

更改端口
vi /etc/ssh/sshd_config
port 3333

最后一行加上ip
allowusers root@ip   ------------------允許某個ip用什么帳戶登陸

 

實際示例：

cat /etc/hosts.allow 
#
# hosts.allow    This file contains access rules which are used to
#        allow or deny connections to network services that
#        either use the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.0.0/24:allow 
sshd:172.20.18.0/24:allow 
sshd:10.8.0.0/24:allow 

 cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a 'deny' option instead.
#
#        See 'man 5 hosts_options' and 'man 5 hosts_access'
#        for information on rule syntax.
#        See 'man tcpd' for information on tcp_wrappers
#
sshd:ALL

systemctl restart sshd

驗證只能內網登錄 ，外網無法登錄