Restricting SSH logins to specific IPs with hosts.allow and hosts.deny

[root@cacti vhost]# cat /etc/hosts.allow
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd:104.207.48.234
sshd:192.168.1.203
sshd:172.168.10.20

Effect: the external IP 104.207.48.234 is allowed to log in to the server via sshd.
The internal IPs 192.168.1.203 and 172.168.10.20 are allowed to log in to the server via sshd.

Then deny access to this host from all other IPs:
[root@cacti vhost]# grep sshd /etc/hosts.deny
sshd:ALL
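
The evaluation order these two files depend on, as an added example that is not part of the original post: a simplified Python model (not libwrap itself) that consults hosts.allow first, then hosts.deny, and grants access when neither matches. It handles only ALL, exact IPv4 addresses and trailing-dot prefixes; the function names and the 203.0.113.7 address are assumptions made for illustration.

```python
# Simplified model of the tcp_wrappers decision order (added example, not libwrap).
# Client patterns handled: ALL, an exact IPv4 address, a trailing-dot prefix ("192.168.1.").
HOSTS_ALLOW = "sshd:104.207.48.234\nsshd:192.168.1.203\nsshd:172.168.10.20\n"  # rules from this page
HOSTS_DENY = "sshd:ALL\n"                                                       # rule from this page

def parse_rules(text):
    """Return (daemons, clients) pairs, skipping blank lines and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]   # any third field (options) is ignored
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                    # network prefix such as "192.168.1."
        return ip.startswith(pattern)
    return pattern == ip                         # exact address, no substring matching

def rule_hit(rules, daemon, ip):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(p, ip) for p in clients)
        for daemons, clients in rules
    )

def check_access(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow wins first, then hosts.deny; no match in either file means granted."""
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "granted"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "denied"
    return "granted"

if __name__ == "__main__":
    # 203.0.113.7 is a constructed address that is not in hosts.allow
    for ip in ("104.207.48.234", "192.168.1.203", "203.0.113.7"):
        print(ip, check_access("sshd", ip))
    # Without the sshd:ALL line in hosts.deny, the allow list restricts nothing
    print("no deny rule:", check_access("sshd", "203.0.113.7", deny_text=""))
```

These files only take effect when sshd is linked against libwrap; `ldd "$(command -v sshd)" | grep libwrap` shows whether it is.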

This method can be combined with OpenVPN: connect through the OpenVPN dial-in, and have /etc/hosts.allow on every other server allow SSH access from the OpenVPN server's external IP.

posted @ 2018-01-01 20:47  勤奋的蓝猫