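Allowing or blocking login by user IP
Besides blocking a particular user from logging in, we can also block logins from specific IPs. This is done simply by editing configuration files.
Check the /etc/hosts.allow configuration file and set the IPs that are allowed to log in: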
[root@rhsde ~]# more /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
sshd:192.168.220.164:allow
Note: multiple IPs should be separated by spaces, e.g. sshd:192.168.220.164 192.168.1.100:allow
Check the /etc/hosts.deny file and set sshd:ALL:
[root@rhsde ~]# more /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
sshd:ALL
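In other words, we deny all IPs but allow the listed IPs to log in. This works because hosts.allow is consulted before hosts.deny, so a client that matches an entry in hosts.allow is admitted before the sshd:ALL rule in hosts.deny is considered. Both files are honoured only when sshd is built with TCP wrappers (libwrap) support.
Source: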
http://blog.csdn.net/chenleixing/article/details/46659959
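The lookup order behind the two files above, as an added example (not code from the original post): a simplified, IPv4-only model of the TCP wrappers decision that ignores the trailing option field and assumes it is always allow, as in the rule shown. The function names and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample files mirroring the rules shown above.
HOSTS_ALLOW = "sshd:192.168.220.164 192.168.1.100:allow\n"
HOSTS_DENY = "# constructed sample\nsshd:ALL\n"

def _client_matches(pattern, ip):
    """Match one client pattern: ALL, exact IP, 'a.b.' prefix, or net/mask."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def _file_matches(text, daemon, ip):
    """True if any 'daemon_list:client_list[:option]' line matches."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        if (daemon in daemons or "ALL" in daemons) and any(
            _client_matches(c, ip) for c in clients
        ):
            return True
    return False

def access_decision(daemon, ip, allow_text, deny_text):
    """hosts.allow is searched first, then hosts.deny; no match means allow."""
    if _file_matches(allow_text, daemon, ip):
        return "allow"
    if _file_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"  # default when neither file has a matching rule

if __name__ == "__main__":
    for ip in ("192.168.220.164", "10.0.0.5"):
        print(ip, access_decision("sshd", ip, HOSTS_ALLOW, HOSTS_DENY))
    # Without the sshd:ALL line in hosts.deny, the unlisted address is admitted.
    print("10.0.0.5", access_decision("sshd", "10.0.0.5", HOSTS_ALLOW, ""))
```

The last call shows why the hosts.deny entry is required: with only hosts.allow populated, an unlisted address falls through to the default and is still allowed.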
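You can also use iptables to restrict access to port 22:
# Rules match top-down: ACCEPT for the allowed subnet goes at position 1, the catch-all DROP at position 2
iptables -t filter -I INPUT 1 -p tcp -s 192.168.0.0/24 --dport 22 -j ACCEPT
iptables -t filter -I INPUT 2 -p tcp --dport 22 -j DROP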
To make this permanent, edit /etc/sysconfig/iptables.
Reposted from: https://blog.51cto.com/frankch/1760305