Allowing SSH access to the outside world is a security risk, so it’s a good idea to restrict access to certain IP addresses or subnets within your LAN. Here is how to restrict SSH access to certain IP addresses.
Open the file /etc/hosts.allow as follows:
sudo nano /etc/hosts.allow
Assuming you want to restrict access to systems in the 192.168.2.0 subnet, add the following line to hosts.allow:
sshd: 192.168.2.0/24
# You can also add another IP address or range on the same line, separated by a space, like this:
# sshd: 192.168.2.0/24 192.168.3.128
Next, open the file /etc/hosts.deny:
sudo nano /etc/hosts.deny
Add this line to hosts.deny:
sshd: ALL
# This line will refuse SSH connections from anyone not in the hosts.allow file.
Now restart the SSH daemon for these changes to take effect:
sudo systemctl restart sshd
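To see which clients the two files above admit before you rely on them, here is an added example (not part of the original article) that models the TCP wrappers decision order: hosts.allow first, then hosts.deny, otherwise allow. It is a simplified model that assumes only the ALL wildcard, single IPv4 addresses and IPv4 CIDR ranges; the function names and test addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample files mirroring the lines used on this page.
HOSTS_ALLOW = "sshd: 192.168.2.0/24 192.168.3.128\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Return (daemons, clients) pairs from 'daemon_list: client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # ignore any trailing option field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    """Match the ALL wildcard, a single IPv4 address, or an IPv4 CIDR range."""
    if pattern == "ALL":
        return True
    try:
        return ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False  # hostnames, EXCEPT, etc. are outside this simplified model

def rule_hit(rules, daemon, ip):
    """True if any rule lists this daemon and a pattern covering the client."""
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in rules
    )

def decide(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Apply the TCP wrappers order: hosts.allow, then hosts.deny, else allow."""
    ip = ipaddress.ip_address(client_ip)
    if rule_hit(parse_rules(allow_text), daemon, ip):
        return "allow"
    if rule_hit(parse_rules(deny_text), daemon, ip):
        return "deny"
    return "allow"  # no match in either file means access is granted

if __name__ == "__main__":
    for addr in ("192.168.2.15", "192.168.3.128", "192.168.3.129", "203.0.113.7"):
        print(addr, decide("sshd", addr))
```

Calling decide() with an empty deny_text shows why the hosts.deny line matters: without it, every address falls through to "allow". The model only predicts the outcome on a system whose sshd is built with TCP wrappers (libwrap) support; upstream OpenSSH dropped that support in release 6.7, so confirm it on your distribution.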