Restrict SSH Access by IP Address on Linux


Opening SSH to the outside world on your home LAN is a convenience if you are away from home, but a security liability. Here is how to restrict SSH access to certain IP addresses on and off your home LAN.

  1. Edit the /etc/hosts.allow file to include these lines, assuming your home LAN is on the non-routable 192.168.4.x IP
    block and your work address is on the routable 1.1.1.x
    IP block. Remember to add the period at the end of each
    incomplete IP number.
    If you have another complete IP address or range, add a
    space and that address or range on the end.

    # allow ssh login from home LAN and work LAN
    sshd,sshdfwd-X11: 192.168.4. 1.1.1.

  2. Edit your /etc/hosts.deny file to include this line:


  3. These lines refuse SSH connections from anyone not in the IP address blocks listed.

Log out and then try logging back in to test your
configuration. Good luck!
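
Added example (not part of the original article): a simplified Python model of the hosts_access(5) decision that TCP wrappers applies to these two files, covering only ALL, trailing-period prefixes, net/mask and complete addresses. The hosts.deny line is missing from the article, so the catch-all sshd,sshdfwd-X11: ALL used here is an assumption, as are the function names and the sample addresses.

```python
import ipaddress

def pattern_matches(pattern, ip):
    """Match one hosts_access(5) client pattern against a dotted-quad address."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # prefix form: "192.168.4." covers 192.168.4.0-255
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask form, e.g. 10.0.0.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip           # complete address

def parse_rules(text):
    """Return [(daemons, client_patterns)] from hosts.allow / hosts.deny content."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, _, rest = line.partition(":")
        clients = rest.split(":")[0]          # ignore any trailing option field
        rules.append(([d.strip() for d in daemons.split(",")],
                      clients.replace(",", " ").split()))
    return rules

def any_rule_matches(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(pattern_matches(p, ip) for p in clients)
               for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, ip):
    """hosts.allow is consulted first, then hosts.deny; no match in either grants access."""
    if any_rule_matches(parse_rules(allow_text), daemon, ip):
        return True
    return not any_rule_matches(parse_rules(deny_text), daemon, ip)

ALLOW = "# allow ssh login from home LAN and work LAN\nsshd,sshdfwd-X11: 192.168.4. 1.1.1.\n"
DENY = "sshd,sshdfwd-X11: ALL\n"   # assumed catch-all; the article's own line is missing
MALFORMED_ALLOW = "sshd,sshdfwd-X11: 192.168.4. 1.1.1.x.\n"  # literal "x" never matches

if __name__ == "__main__":
    # Constructed sample addresses: two inside the allowed blocks, two outside.
    for ip in ("192.168.4.20", "1.1.1.77", "192.168.40.5", "203.0.113.9"):
        print(ip, "granted" if access_granted(ALLOW, DENY, "sshd", ip) else "refused")
    print("1.1.1.77 with malformed pattern:",
          access_granted(MALFORMED_ALLOW, DENY, "sshd", "1.1.1.77"))
```

The rules only take effect if sshd is linked against libwrap, which running ldd on the sshd binary will show; upstream OpenSSH removed libwrap support in release 6.7, though some distributions patch it back in.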
