Securing SSH access using /etc/hosts.allow is a useful method to control which hosts are allowed to connect to your SSH server. Here’s how you can set it up:
Open /etc/hosts.allow: Use a text editor like nano or vi to open the /etc/hosts.allow file:
sudo nano /etc/hosts.allow
Allow Specific Hosts or Networks: In the hosts.allow file, you can specify which hosts or networks are allowed to connect to your SSH server. You can use either IP addresses, domain names, or network ranges. The format is:
sshd: For example, to allow connections only from a specific IP address:
sshd: 192.168.1.100
To allow connections from a specific network range:
sshd: 192.168.1.0/24
Deny All Others (Optional): By default, if a host is not explicitly allowed in hosts.allow, it will be denied access. However, if you want to explicitly deny access to all hosts except those specified in hosts.allow, you can add the following line to /etc/hosts.deny:
sshd: ALL
This above line tells the SSH daemon to deny all connections from any host not explicitly allowed in hosts.allow.
Save and Close the File: After making changes, save and close the /etc/hosts.allow file.
Restart SSH Service: Restart the SSH service for changes to take effect:
sudo systemctl restart sshd