进入 hosts.allow配置文件,设置仅允许192.168.144.132客户机可以通过ssh服务访问服务器,在hosts.deny配置文件中添加拒绝所有客户机使用SSH服务访问服务器。
[root@tast01 etc]# vim hosts.allow //进入编辑配置文件 ## hosts.allow This file contains access rules which are used to # allow or deny connections to network services that # either use the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # # sshd:192.168.144.132 //添加条目,仅允许192.168.144.132客户机访问服务器 ~ ~ ~ :wq //保存退出 [root@tast01 etc]# vim hosts.deny # # hosts.deny This file contains access rules which are used to # deny connections to network services that either use # the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # The rules in this file can also be set up in # /etc/hosts.allow with a 'deny' option instead. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # sshd:ALL //编辑条目拒绝所有客户机访问(注意,此处使用大写) ~ ~ ~ :wq //保存退出 [root@tast03 ~]# ssh root@192.168.144.133 //使用tast03客户机访问服务器 root@192.168.144.133's password: //输入密码 Last login: Mon Sep 16 13:43:33 2019 [root@tast01 ~]# //成功登录 [root@tast02 ~]# ssh root@192.168.144.133 //使用tast02客户机访问服务器 ssh_exchange_identification: read: Connection reset by peer //拒绝访问 [root@tast02 ~]#