Restricting SSH login by IP
阿新 • Published: 2018-08-04
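Restricting SSH access by IP on Linux
Add the following to /etc/hosts.allow
(where 192.168.10.88 is the IP you want to allow to log in over SSH; it can also be a network range such as 192.168.10.0/24)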
sshd:192.168.10.88:allow
Add the following to /etc/hosts.deny (this denies SSH login from every IP other than those allowed above)
sshd:ALL
Change the port
vi /etc/ssh/sshd_config
port 3333
Add the IP on the last line
allowusers root@ip
(this sets which account a given IP is allowed to log in with)
Real-world example:
cat /etc/hosts.allow
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.0.0/24:allow
sshd:172.20.18.0/24:allow
sshd:10.8.0.0/24:allow

cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:ALL
systemctl restart sshd
Verify that login works only from the internal network and that login from external networks fails.
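To predict the outcome of that verification before restarting sshd, the following added example (not part of the original post) evaluates the hosts.allow and hosts.deny rules shown above against a client address. The function names are hypothetical, and the model is simplified: IPv4 only, with no hostnames, no wildcards other than ALL, and no EXCEPT operator. It assumes sshd is linked against libwrap, which the hosts.allow method relies on.

```python
import ipaddress

# Rules from the page's example files (comment headers omitted).
HOSTS_ALLOW = """sshd:192.168.0.0/24:allow
sshd:172.20.18.0/24:allow
sshd:10.8.0.0/24:allow
"""
HOSTS_DENY = "sshd:ALL\n"

def client_matches(pattern, ip):
    """Match one hosts_access client pattern against an IPv4 address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # address prefix such as "192.168."
        return ip.startswith(pattern)
    try:
        if "/" in pattern:  # net/prefixlen or net/netmask
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) == ipaddress.ip_address(pattern)
    except ValueError:  # hostnames, other wildcards, EXCEPT: not modelled
        return False

def first_match(text, daemon, ip, default):
    """Verdict of the first rule in one file that matches, else None."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        daemons = fields[0].replace(",", " ").split()
        if len(fields) < 2 or not any(d in (daemon, "ALL") for d in daemons):
            continue
        clients = fields[1].replace(",", " ").split()
        if any(client_matches(c, ip) for c in clients):
            options = [o.lower() for o in fields[2:]]
            if "deny" in options:
                return "deny"
            return "allow" if "allow" in options else default
    return None

def decide(ip, daemon="sshd", allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    return (first_match(allow, daemon, ip, "allow")
            or first_match(deny, daemon, ip, "deny")
            or "allow")

if __name__ == "__main__":
    for addr in ("192.168.0.15", "192.168.10.88", "203.0.113.7"):  # constructed clients
        print(addr, decide(addr))
```

Under the example files, 192.168.10.88 is denied because it falls outside the three listed subnets, and a daemon other than sshd is still allowed because the deny rule names sshd only.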