Linux下防止未授權IP使用ssh服務

Linux下防止未授權IP使用ssh服務

方法一

iptables -A INPUT -p tcp -s 192.168.0.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s ! 127.0.0.1 --destination-port 22 -j DROP

方法二

[root@nihao ~]# more /etc/hosts.deny

#

# hosts.deny This file describes the names of the hosts which are

# *not* allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

# The portmap line is redundant, but it is left to remind you that

# the new secure portmap uses hosts.deny and hosts.allow. In particular

# you should know that NFS uses portmap!

sshd: ALL : deny

[root@nihao ~]# more /etc/hosts.allow

#

# hosts.allow This file describes the names of the hosts which are

# allowed to use the local INET services, as decided

# by the '/usr/sbin/tcpd' server.

#

sshd: 192.168.0.230 :allow

這裡寫允許的ip或者網段