Restricting access to ssh by ip



I bought a static IP from my provider and decided to allow SSH access from this IP only. The advantages are obvious: no one except me can connect to the server via SSH, no one can brute-force passwords, and fail2ban becomes unnecessary. :) In short, a static IP brings nothing but advantages.

Method one: specify the allowed IP in the /etc/hosts.allow file. Add the following line to it:


  SSHD: 127.0.0.1 

Replace 127.0.0.1 with your IP address.

Then open /etc/hosts.deny and add this line:

  SSHD: ALL 

Now restart ssh with the command service ssh restart.



Method two: restrict access by IP using iptables.

If your firewall is open, you need to allow access from your IP only and block it for everyone else. Replace 127.0.0.1 with your IP.

 iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT
 iptables -A INPUT -p tcp --dport 22 -j DROP

If the firewall is closed, you only need to allow access for yourself.

 iptables -A INPUT -s 127.0.0.1 -p tcp --dport 22 -j ACCEPT

In both cases, replace 127.0.0.1 with your IP.
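Because -A appends to the end of the chain, the DROP rule has no effect if an earlier rule already accepts port 22. The check below is an added example, not part of the original post: it walks a saved `iptables -S INPUT` listing in order and reports the first-match verdict for a source IP. The function name `ssh_verdict`, the listings and the addresses 203.0.113.10 (standing in for the admin's static IP) and 198.51.100.7 (a stranger) are constructed for illustration, and only the rule shapes used in this article are modelled.

```shell
#!/bin/sh
# Constructed samples of `iptables -S INPUT` output. 203.0.113.10 stands in
# for the admin's static IP. BEFORE: the article's two rules appended with -A
# to a chain that already accepted SSH from anywhere. AFTER: only the two rules.
BEFORE='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'
AFTER='-P INPUT ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# ssh_verdict SRC_IP (hypothetical helper): read such a listing on stdin and
# print what the first matching rule (or the chain policy) does to a new TCP
# connection from SRC_IP to port 22. Prints UNKNOWN rather than guess when a
# rule uses anything that is not modelled here.
ssh_verdict() {
    src=$1 policy=ACCEPT
    while read -r line; do
        set -f; set -- $line; set +f    # split the rule into words, no globbing
        case $1 in
            -P) [ "$2" = INPUT ] && policy=$3; continue ;;
            -A) [ "$2" = INPUT ] || continue; shift 2 ;;
            *)  continue ;;
        esac
        match=yes target=
        while [ $# -ge 2 ]; do          # options come as "flag value" pairs
            case "$1 $2" in
                "-s $src/32"|"-p tcp"|"-m tcp"|"--dport 22") ;;
                "-s "*/32|"-p udp"|"-p icmp") match=no ;;
                "--dport "*[!0-9]*) echo UNKNOWN; return ;;   # port range
                "--dport "*) match=no ;;
                "-j ACCEPT"|"-j DROP") target=$2 ;;
                *) echo UNKNOWN; return ;;                    # unmodelled match
            esac
            shift 2
        done
        if [ $# -ne 0 ]; then echo UNKNOWN; return; fi
        if [ "$match" = yes ]; then echo "${target:-UNKNOWN}"; return; fi
    done
    echo "$policy"
}

# A stranger (198.51.100.7) against both listings:
printf '%s\n' "$BEFORE" | ssh_verdict 198.51.100.7   # ACCEPT
printf '%s\n' "$AFTER"  | ssh_verdict 198.51.100.7   # DROP
```

On a live host, feed it the real chain with `iptables -S INPUT | ssh_verdict <address>` and test from a second session before closing the one you are working in.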




10 Comments on “Restricting access to ssh by ip”

  1. Unbelievable, but it is a fact.
    Before that, I edited the files via sshd.
    It made no difference.

    I went to the server, LOCALLY under X, and edited the file again.
    Outcome: everything WORKED.

    Miracles do happen.

    1. Well, this can be explained only by the fact that no new parameters were applied to the current connection. And for a new one it should have worked.

  2. nano /etc/apache2/conf-enabled/phpmyadmin.conf

    Insert:
    Order deny,allow
    deny from all
    # Space-separated list of IPs from which access is allowed
    Allow from 192.168.88.1

  3. In the iptables rule, the word accept must be in capital letters; the variant you wrote will give an error (Couldn't load target `accept ': No such file or directory)
