Limit specified by the user to specify IP SSH login
1. allow only specified users to log on (white list): Set AllowUsers option in / etc / ssh / sshd_config configuration file (configuration required to restart the SSHD service) in the following format: AllowUsers aliyun [email protected] # allow aliyun and from 192.168.1.1 test account login via SSH login system. 2. The only refused to specify the user to log in (blacklist): Set DenyUsers option in the / etc / ssh / sshd_config configuration file (configuration required to restart the SSHD service) in the following format: DenyUsers zhangsan aliyun #linux system account # refused zhangsan, aliyun account log in via SSH or the DenyUsers [email protected] # mayun refused to 25.12.15.2 IP account and log in via SSH
IP SSH login restrictions
In addition to prohibit a user logs in, we can for be banned from fixed IP , Linux server by setting /etc/hosts.allow and /etc/hosts.deny the two documents,
greater than hosts.deny hosts.allow license can restrict or allow certain IP address or an SSH remote login server is relatively simple, as follows:
1. vim /etc/hosts.allow, add
sshd:192.168.0.1:allow #允许 192.168.0.1 这个 IP 地址 ssh 登录 sshd:192.168.0.1/24:allow #允许 192.168.0.1/24 这段 IP 地址的用户登录
2.vim /etc/hosts.allow, add
sshd:ALL # 允许全部的 ssh 登录
hosts.allow and hosts.deny two files at the same time set the rules, hosts.allow file in the high-priority rule , after setting in accordance with this method only allows ssh server to log the IP address of 192.168.0.1, the other IP will be rejected .