Preventing unauthorized IPs from using the SSH service on Linux


Method 1

iptables -A INPUT -p tcp -s 192.168.0.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp ! -s 127.0.0.1 --destination-port 22 -j DROP
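
The rules above are appended with -A, so running them a second time stacks duplicates, and they only restrict access while the ACCEPT rules sit before the DROP. As an added example (not part of the original post), this script prints equivalent commands for a dedicated chain that can be re-applied safely; the chain name SSH_ALLOW and both function names are assumptions.

```shell
#!/bin/sh
# Added example: print (not run) iptables commands for an SSH source allowlist
# held in its own chain. The chain name SSH_ALLOW is an assumption.
CHAIN=SSH_ALLOW

# Succeed only if $1 is a plain IPv4 address or CIDR (a.b.c.d or a.b.c.d/n).
valid_ipv4_cidr() {
    addr=${1%%/*}
    case $1 in */*) len=${1#*/} ;; *) len=32 ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Digits and dots only: this also keeps shell metacharacters out of the output.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set for the given sources; every source is validated first,
# so a bad entry produces no output at all.
ssh_allowlist_rules() {
    [ $# -gt 0 ] || { echo "refusing to emit an empty allowlist" >&2; return 1; }
    for net in "$@"; do
        valid_ipv4_cidr "$net" || { echo "bad source: $net" >&2; return 1; }
    done
    # Create the chain, or flush it if it already exists (safe to re-apply).
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for net in "$@"; do
        echo "iptables -A $CHAIN -s $net -j ACCEPT"
    done
    # Same final rule as the page: drop every source except loopback.
    echo "iptables -A $CHAIN ! -s 127.0.0.1 -j DROP"
    # Hook the chain at the top of INPUT once; -C checks for an existing hook.
    hook="INPUT -p tcp --dport 22 -j $CHAIN"
    echo "iptables -C $hook 2>/dev/null || iptables -I $hook"
}
```

Review the output, then apply it as root with `ssh_allowlist_rules 192.168.0.0/24 192.168.1.0/24 | sh -e`, from a console or from an address that is in the list.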

Method 2

[root@nihao ~]# more /etc/hosts.deny

#

# hosts.deny    This file describes the names of the hosts which are

#               *not* allowed to use the local INET services, as decided

#               by the '/usr/sbin/tcpd' server.

#

# The portmap line is redundant, but it is left to remind you that

# the new secure portmap uses hosts.deny and hosts.allow.  In particular

# you should know that NFS uses portmap!

sshd: ALL : deny

[root@nihao ~]# more /etc/hosts.allow

#

# hosts.allow   This file describes the names of the hosts which are

#               allowed to use the local INET services, as decided

#               by the '/usr/sbin/tcpd' server.

#

sshd: 192.168.0.230 :allow

Put the allowed IP addresses or network segments here.
