How to Restrict SSH Access by IP Address


Allowing SSH access to the outside world is a security risk, so it’s a good idea to restrict access to certain IP addresses or subnets within your LAN. Here is how to restrict SSH access to certain IP addresses.

Open the file/etc/hosts.allow as follows:

sudo nano /etc/hosts.allow

Assuming you want to restrict access to systems in the subnet, add the following line to hosts.allow :


# You can also add another IP address or range on the same line, separated by a space, like this:
# sshd:

Next, open the file /etc/hosts.deny:

sudo nano /etc/hosts.deny

Add this line to hosts.deny:

sshd: ALL

#  This line will refuse SSH connections from anyone not in the hosts.allow file.

Now restart the SSH daemon for these changes to take effect:

sudo systemctl restart sshd


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.