How to Restrict ssh access for users from specific IP address?
How to restrict ssh access for a user from ip ?
sshd (OpenSSH Daemon) is the daemon program for ssh. With sshd server and ssh client provide secure encrypted communications between two untrusted hosts over an insecure network. SSHD listen on port 22(default) for incoming client connections. In this article we will explain how to restrict ssh access for a user from specific IP address.
By default, sshd demaon allows all system users, you can see the usernames in “/etc/passwd” file.
How to restrict ssh access to particular users only?
To restrict ssh access to specific users, add following lines in the sshd configuration file
Open sshd configuration file
| 1 2 3 | vi /etc/ssh/sshd_config |
Add the following line
| 1 | AllowUsers user1 user2 user3 |
Save the file and Quit
Now you can restart sshd service .
How to Restrict ssh access for users from specific IP address?
1. Open file /etc/ssh/sshd_config
| 1 | vi /etc/ssh/sshd_config |
2. Add the following line
| 1 | AllowUsers user@192.168.2.21 user2@192.168.2.32 user3 user4 |
3. Save the file and Quit.
Now you have to restart sshd service to apply the changes you made to configuration file.
To allow all users from a specific IP address, use the following
| 1 | AllowUsers *@192.168.2.8 |
To allow a user from a particular subnet , use the following
| 1 | AllowUsers user@192.168.2.* |