Restrict SSH Access by IP Address on Linux

[dfads params=’groups=-1′]

Here is how to restrict SSH access to certain IP addresses on and off your home LAN.

Edit the /etc/hosts.allow file to include these lines, assuming your home LAN is on the 192.168.4.x nonrouting IP block, and your work address is on the routing 1.1.1.x
IP block: Remember to add the period on the end of each incomplete IP number.
If you have another complete IP address or range, add a space and that range on the end.

# allow ssh login from home LAN and work LAN
sshd,sshdfwd-X11: 192.168.4. 1.1.1.x.

Edit your /etc/hosts.deny file to include this line:
sshd,sshdfwd-X11:ALL
These lines refuse SSH connections from anyone not in the IP address blocks listed.

Log out and then try logging back in to test your configuration. Good luck!

[dfads params=’groups=-1′]