Summary of several ways to limit access to sshd
- 2020-05-24 06:42:00
- OfStack
Summary of several ways to restrict access to sshd
1. Write in /etc/ hosts.allow:
in /etc/hosts.allow Write:
sshd: 1.2.3.4
in /etc/hosts.deny Write:
sshd: ALL
2. iptables also works:
iptables -I INPUT -p tcp --dport 22 -j DROP
iptables -I INPUT -p tcp --dport 22 -s 1.2.3.4 -j ACCEPT
3. Prohibit a user from logging in via ssh
in /etc/ssh/sshd_conf add
AllowUsers The user name
or
AllowGroups Group name
or
DenyUsers The user name
4. Set the login blacklist
vi /etc/pam.d/sshd
increase
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/sshd_user_deny_list onerr=succeed
all /etc/sshd_user_deny_list The user inside is rejected ssh The login
Thank you for reading, I hope to help you, thank you for your support of this site!