CentOS SSH login restricts IP and users

Set SSH under CentOS to only allow specific users to log in from specific IPs, and other unauthorized users and IPs cannot log in.

Demo environment

192.168.1.81：CentOS 6

192.168.0.222：Win 10

192.168.1.135：Win 8.1

Without any settings, both 192.168.0.222 and 192.168.1.135 can log in to 192.168.1.81.
192.168.0.222

192.168.1.135

Example 1: Only 192.168.0.222 is allowed to log in to 192.168.1.81

# vim /etc/hosts.allowAdd the last line:
sshd:192.168.0.222:allow //Multiple IPs can be written in multiple lines in this format
# vim /etc/hosts.denyAdd the last line:
sshd:ALL //Except the IPs allowed to log in above, all other IPs are denied login<br> # service sshd restart
192.168.0.222 can log in normally

192.168.1.135 cannot log in normally

Example 2: Only hosts in the 192.168.1 network segment are allowed to log in to 192.168.1.81

# vim /etc/hosts.allowAdd the last line
sshd:192.168.1.*:allow

# vim /etc/hosts.denyAdd the last line:
sshd:ALL

# service sshd restart
192.168.0.222 cannot log in normally

192.168.1.135 can log in normally

Example 3: Only allow 192.168.0.222 to log in as the keyso user and 192.168.1.135 to log in to 192.168.1.81 as the root user

# vim /etc/ssh/sshd_configAdd the last line
AllowUsers [email protected] [email protected] //Use spaces to separate multiple usernames@IP

# service sshd restart
192.168.0.222 cannot log in normally as the default root user

192.168.0.222 Can log in normally as keyso user

192.168.1.135 You can log in normally as the default root user

The above is the detailed content of CentOS SSH login restricts IP and users. For more information, please follow other related articles on the PHP Chinese website!