Allow and deny IP for ssh

We can allow and deny IP for ssh. To do this we have to change some configuration at /etc/host.deny and /etc/host.allow files. Suppose we want to deny, then we will edit the /etc/host.deny file and do some changes as follows.

vi /etc/host.deny


Save & exit

This will deny to ssh.

Suppose we want to allow only to ssh. Then we will edit two files as follows:

vi /etc/host.deny


save & exit

vi /etc/host.allow


save & exit

We can do the same by changing only at /etc/host.deny as follows:

vi /etc/host.deny

sshd:all except

save & exit



  1. Dave M Smith said


    An answer that actually works!

    Dave Smith
    UNIX Sys Admin

  2. Dave M Smith said

    My issue:
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to s137a45 [] port 22.
    debug1: Connection established.
    debug1: identity file /export/home/u064125/.ssh/identity type -1
    debug1: identity file /export/home/u064125/.ssh/id_rsa type -1
    debug1: identity file /export/home/u064125/.ssh/id_dsa type -1

    ** ssh_exchange_identification: Connection closed by remote host

    debug1: Calling cleanup 0x341a0(0x0)

    This was the solution:
    remove the ALL:ALL in the /etc/hosts.deny
    add sshd:all except (my ssh server IP)
    and restart ssh on the box.

    Thanks Dave Smith

RSS feed for comments on this post · TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: