SSH限制ip登陆

Posted 2020-12-27 weifeng1463

linux限制IP访问ssh

 

在/etc/hosts.allow输入   
(其中192.168.10.88是你要允许登陆ssh的ip,或者是一个网段192.168.10.0/24)   
sshd:192.168.10.88:allow   
    
在/etc/hosts.deny输入(表示除了上面允许的，其他的ip   都拒绝登陆ssh)   
sshd:ALL

 

更改端口
vi /etc/ssh/sshd_config
port 3333

最后一行加上ip
allowusers [email protected]   ------------------允许某个ip用什么帐户登陆

 

实际示例：

cat /etc/hosts.allow 
#
# hosts.allow    This file contains access rules which are used to
#        allow or deny connections to network services that
#        either use the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        See ‘man 5 hosts_options‘ and ‘man 5 hosts_access‘
#        for information on rule syntax.
#        See ‘man tcpd‘ for information on tcp_wrappers
#
sshd:192.168.0.0/24:allow 
sshd:172.20.18.0/24:allow 
sshd:10.8.0.0/24:allow 

 cat /etc/hosts.deny 
#
# hosts.deny    This file contains access rules which are used to
#        deny connections to network services that either use
#        the tcp_wrappers library or that have been
#        started through a tcp_wrappers-enabled xinetd.
#
#        The rules in this file can also be set up in
#        /etc/hosts.allow with a ‘deny‘ option instead.
#
#        See ‘man 5 hosts_options‘ and ‘man 5 hosts_access‘
#        for information on rule syntax.
#        See ‘man tcpd‘ for information on tcp_wrappers
#
sshd:ALL

systemctl restart sshd

验证只能内网登录 ，外网无法登录