Summary of several ways to limit access to sshd

  • 2020-05-24 06:42:00
  • OfStack

1. Write rules in /etc/hosts.allow and /etc/hosts.deny:

In /etc/hosts.allow, write:
sshd: 1.2.3.4
In /etc/hosts.deny, write:
sshd: ALL

2. iptables also works:
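# -I inserts at the top of the chain, so the ACCEPT rule added second
# is evaluated before the DROP rule.
iptables -I INPUT -p tcp --dport 22 -j DROP
iptables -I INPUT -p tcp --dport 22 -s 1.2.3.4 -j ACCEPT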

3. Prohibit a user from logging in via ssh

In /etc/ssh/sshd_config, add:
AllowUsers <user name>
or
AllowGroups <group name>
or
DenyUsers <user name>
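
These directives interact when more than one is set: sshd checks DenyUsers before AllowUsers, and once AllowUsers or AllowGroups is present, every login they do not match is rejected. The shell functions below are an added example, not part of the original article; the function names, user names and group names are made up, and the code assumes whitespace-separated directives, plain name patterns with * and ? only, and no Match blocks.

```sh
# Added example: decide whether sshd's AllowUsers/DenyUsers/AllowGroups/
# DenyGroups directives admit a login. Patterns: plain names with * and ? only.

# match_any VALUE [PATTERN...]: succeed if VALUE matches any pattern.
match_any() {
    value=$1; shift
    for pat in "$@"; do
        case $value in $pat) return 0 ;; esac
    done
    return 1
}

# directive_values FILE KEYWORD: print every argument of KEYWORD. Keywords are
# case-insensitive and repeated lines accumulate; commented lines never match.
directive_values() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# ssh_user_allowed FILE USER "GROUP ...": return 0 if admitted, 1 if rejected.
ssh_user_allowed() {
    cfg=$1; user=$2; user_groups=$3
    set -f    # keep * and ? in patterns from expanding to file names
    deny_u=$(directive_values "$cfg" DenyUsers); allow_u=$(directive_values "$cfg" AllowUsers)
    deny_g=$(directive_values "$cfg" DenyGroups); allow_g=$(directive_values "$cfg" AllowGroups)
    verdict=0; in_allowed_group=no
    # DenyUsers is checked first, so it overrides a matching AllowUsers entry.
    if match_any "$user" $deny_u; then verdict=1; fi
    # If AllowUsers is set at all, every user it does not list is rejected.
    if [ -n "$allow_u" ] && ! match_any "$user" $allow_u; then verdict=1; fi
    for g in $user_groups; do
        if match_any "$g" $deny_g; then verdict=1; fi
        if match_any "$g" $allow_g; then in_allowed_group=yes; fi
    done
    # If AllowGroups is set, the user must also belong to one of those groups.
    if [ -n "$allow_g" ] && [ "$in_allowed_group" = no ]; then verdict=1; fi
    set +f
    return $verdict
}

# Constructed sample configuration (user and group names are made up).
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
AllowUsers alice bob deploy*
DenyUsers bob
AllowGroups sshusers
EOF
for who in "alice:alice sshusers" "bob:sshusers" "carol:sshusers" "alice:alice"; do
    if ssh_user_allowed "$SAMPLE_CFG" "${who%%:*}" "${who#*:}"; then r=allowed; else r=rejected; fi
    echo "${who%%:*} (groups: ${who#*:}) -> $r"
done
```

After editing the real file, `sshd -t` checks the configuration for syntax errors before the daemon is restarted.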

4. Set the login blacklist

vi /etc/pam.d/sshd
Add:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
Every user listed in /etc/sshd_user_deny_list is denied SSH login.
