Securing SSH access on your Linux server is crucial for protecting against unauthorized logins. By controlling SSH access based on IP addresses, you can limit who can connect to your server, thereby reducing the potential for attacks. This tutorial explains how to allow or deny SSH access to specific IP addresses directly through the SSH configuration file.

In this guide, you will learn how to configure the SSH daemon (sshd) to permit or block connections from particular IP addresses. You can apply these rules to all users or specific users, as needed. This approach helps to enhance the security of your server by restricting access to trusted IPs.

The method discussed here involves editing the sshd_config file, which is a direct and effective way to manage SSH access. It’s important to be precise with your configurations to avoid accidentally locking yourself out of your server.

Steps to allow or deny SSH login by IP address:

  1. Open the SSH configuration file.
    $ sudo vi /etc/ssh/sshd_config
  2. Allow access from a specific IP address.
    AllowUsers *@192.168.1.100

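    Add the IP address under the AllowUsers directive. Each entry has the form user@host, so *@192.168.1.100 matches any user connecting from that address. Once AllowUsers is set, sshd rejects every login that does not match one of its entries.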

  3. Deny access from a specific IP address.
    DenyUsers *@192.168.1.200

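    Add the IP address under the DenyUsers directive. sshd checks DenyUsers before AllowUsers, so a matching deny entry wins even if an allow entry also matches.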

  4. Allow access from multiple IP addresses.
    AllowUsers *@192.168.1.100 *@192.168.1.101

    List multiple IP addresses under the AllowUsers directive, separated by spaces.

  5. Deny access from multiple IP addresses.
    DenyUsers *@192.168.1.200 *@192.168.1.201

    List multiple IP addresses under the DenyUsers directive, separated by spaces.

  6. Allow access for a subnet.
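    AllowUsers *@192.168.1.*

    Use a wildcard in the host part of the AllowUsers entry. Keep the leading * for the user part: an entry with an empty user name, such as @192.168.1.*, matches no account.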

  7. Deny access for a subnet.
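    DenyUsers *@192.168.2.*

    Use a wildcard in the host part of the DenyUsers entry. As with AllowUsers, the user part must be present (* for any user), otherwise the entry blocks nobody.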

  8. Save and close the configuration file.
  9. Restart the SSH service.
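    $ sudo systemctl restart ssh

    The service is named ssh on Debian and Ubuntu; on RHEL, Fedora and related distributions it is sshd. Keep your current session open and confirm that a new login from an allowed address works before you disconnect.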
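
To check a rule set before restarting the service, the following added example (not part of the original tutorial, and not OpenSSH code) is a simplified Python model of how sshd evaluates AllowUsers and DenyUsers entries against a user and client IP. It also handles CIDR host patterns, which sshd_config accepts but the steps above do not use; the function names and sample rules are constructed for illustration, and hostname matching and negated patterns are left out.

```python
import ipaddress
import re

def _glob(pattern, text):
    """sshd-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, text) is not None

def _host_matches(pattern, ip):
    """Host part: CIDR (address/masklen) or a wildcard pattern against the client IP."""
    if "/" in pattern:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)
    return _glob(pattern, ip)

def _entry_matches(entry, user, ip):
    """One AllowUsers/DenyUsers entry, written as USER or USER@HOST."""
    if "@" not in entry:
        return _glob(entry, user)
    user_pat, host_pat = entry.split("@", 1)
    # An empty user pattern only matches an empty user name, i.e. nobody.
    return _glob(user_pat, user) and _host_matches(host_pat, ip)

def login_permitted(user, ip, allow_users=(), deny_users=()):
    """DenyUsers is checked first; a non-empty AllowUsers rejects everyone it does not list."""
    if any(_entry_matches(e, user, ip) for e in deny_users):
        return False
    if allow_users and not any(_entry_matches(e, user, ip) for e in allow_users):
        return False
    return True

# Constructed sample rules and clients (not taken from a real server).
ALLOW = ["*@192.168.1.100", "*@192.168.1.101"]
DENY = ["*@192.168.1.200"]

if __name__ == "__main__":
    for user, ip in [("alice", "192.168.1.100"), ("alice", "192.168.1.150"),
                     ("root", "192.168.1.200")]:
        print(user, ip, login_permitted(user, ip, ALLOW, DENY))
    # Same subnet rule with and without the user part.
    print(login_permitted("alice", "192.168.1.50", ["@192.168.1.*"]))
    print(login_permitted("alice", "192.168.1.50", ["*@192.168.1.*"]))
```

On the server itself, sshd's own syntax check (sshd -t) remains the authoritative test of the edited file.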