How to restrict SSH access only to specific IPs

How to restrict SSH access only to specific IPs


Once your IP is public it gets attention from so many bots on the internet that do brute force and dictionary attacks to “guess” your passwords so it is always best to lock SSH access to a list of your trusted static IPs (such as your companies VPN IPs

For this tutorial, we will use Linux’s host. allow and host. deny file which is pretty straight forward

Step 1– Now we will allow a list of known IPs who should be able to login to SSH. For that we need to add an entry to /etc/hosts. allow file, so we go ahead and open it again with your favorite editor?

vi /etc/hosts.allow

and add the following lines to allow the whitelisted IP blocks to your public SSH.


This line will allow all the comma-separated IP blocks to your SSH port

Note: make sure you double-check the IP addresses, or you will be blocked by SSH

Step 2– Open up /etc/hosts.allow files using your favorite text editor

vi /etc/hosts.deny

and add the following lines to deny all SSH connections to your public SSH port

sshd: ALL

This code will block all incoming SSH requests on your SSH port

Conclusion– That’s it. This will protect you from brute force attacks and messages like “There was 9999 failed login attempt since the last successful login.”

Leave a Reply