Restricting SSH login to specific IPs with hosts.allow and hosts.deny
[root@cacti vhost]# cat /etc/hosts.allow
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
sshd:104.207.48.234
sshd:192.168.1.203
sshd:172.168.10.20
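Effect: allows the external IP 104.207.48.234 to log in to the server through sshd,
and allows the internal IPs 192.168.1.203 and 172.168.10.20 to log in through sshd.
Then deny all other IPs access to this host: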
[root@cacti vhost]# grep sshd /etc/hosts.deny
sshd:ALL
This method can be combined with OpenVPN: users dial in through OpenVPN, and /etc/hosts.allow on all the other servers allows SSH access from the OpenVPN server's external IP.
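The two files above work together because tcp_wrappers consults hosts.allow first, then hosts.deny, and grants access when neither file matches. The script below is an added example (not from the original post and not tcp_wrappers' own code) that replays that order against constructed copies of the rules shown. The function names rule_file_matches and tcpwrap_decision, the temp files and the extra test addresses are assumptions, and only ALL, exact IPv4 addresses and prefix patterns ending in a dot are handled.

```shell
#!/bin/sh
# Added example: evaluates hosts_access(5)-style rules for one daemon and client.
# Assumption: only ALL, exact IPv4 addresses and prefix patterns ending in "."
# (e.g. "192.168.1.") are handled; netmasks, hostnames, EXCEPT and options are not.

# rule_file_matches FILE DAEMON IP: exit status 0 if a rule in FILE matches.
rule_file_matches() {
    [ -r "$1" ] || return 1
    sed 's/#.*//' "$1" | (
        set -f                                   # no glob expansion of patterns
        while IFS=: read -r daemons clients rest; do
            d_ok=no
            for d in $(printf '%s' "$daemons" | tr ',' ' '); do
                if [ "$d" = ALL ] || [ "$d" = "$2" ]; then d_ok=yes; fi
            done
            [ "$d_ok" = yes ] || continue
            for c in $(printf '%s' "$clients" | tr ',' ' '); do
                case $c in
                    ALL) exit 0 ;;
                    *.)  case $3 in "$c"*) exit 0 ;; esac ;;
                    *)   if [ "$c" = "$3" ]; then exit 0; fi ;;
                esac
            done
        done
        exit 1                                   # no rule matched
    )
}

# tcpwrap_decision ALLOW_FILE DENY_FILE DAEMON IP: prints "allow" or "deny".
tcpwrap_decision() {
    if rule_file_matches "$1" "$3" "$4"; then echo allow    # hosts.allow first
    elif rule_file_matches "$2" "$3" "$4"; then echo deny   # then hosts.deny
    else echo allow                                         # no match: granted
    fi
}

# Constructed copies of the two files shown above, kept in a temp directory.
demo_dir=$(mktemp -d)
printf 'sshd:104.207.48.234\nsshd:192.168.1.203\nsshd:172.168.10.20\n' > "$demo_dir/hosts.allow"
printf 'sshd:ALL\n' > "$demo_dir/hosts.deny"
for ip in 104.207.48.234 192.168.1.203 192.168.1.204 203.0.113.7; do
    printf '%-16s %s\n' "$ip" "$(tcpwrap_decision "$demo_dir/hosts.allow" "$demo_dir/hosts.deny" sshd "$ip")"
done
```

These rules only take effect when sshd is linked against libwrap; `ldd "$(command -v sshd)" | grep libwrap` shows whether it is.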