Linux下防止未授权IP使用ssh服务

Linux下防止未授权IP使用ssh服务

方法一

iptables -A INPUT -p tcp -s 192.168.0.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s 192.168.1.0/24 --destination-port 22 -j ACCEPT

iptables -A INPUT -p tcp -s ! 127.0.0.1 --destination-port 22 -j DROP

方法二

[root@nihao ~]# more /etc/hosts.deny

#

# hosts.deny    This file describes the names of the hosts which are

#               *not* allowed to use the local INET services, as decided

#               by the '/usr/sbin/tcpd' server.

#

# The portmap line is redundant, but it is left to remind you that

# the new secure portmap uses hosts.deny and hosts.allow.  In particular

# you should know that NFS uses portmap!

sshd: ALL : deny

[root@nihao ~]# more /etc/hosts.allow

#

# hosts.allow   This file describes the names of the hosts which are

#               allowed to use the local INET services, as decided

#               by the '/usr/sbin/tcpd' server.

#

sshd: 192.168.0.230 :allow

这里写允许的ip或者网段

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/28701.html