Restricting SSH logins to specific IPs with hosts.allow and hosts.deny

[root@cacti vhost]# cat /etc/hosts.allow
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers

sshd:104.207.48.234
sshd:192.168.1.203
sshd:172.168.10.20

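Effect: the external IP 104.207.48.234 is allowed to log in to the server via sshd.
The internal IPs 192.168.1.203 and 172.168.10.20 are allowed to log in to the server via sshd.

Then deny access to this host from all other IPs: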
[root@cacti vhost]# grep sshd /etc/hosts.deny
sshd:ALL
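
The script below is an added example, not part of the original post: it models the order in which tcp_wrappers consults the two files (hosts.allow first, then hosts.deny, otherwise allow) for the rules shown above. The temporary file copies, the function names, and the test address 203.0.113.7 are constructed for illustration, and only the exact-IPv4 and ALL pattern forms used on this page are handled.

```shell
#!/bin/sh
# Added example (not from the original page): models the hosts_access(5) order
# 1) match in hosts.allow -> allow, 2) match in hosts.deny -> deny, 3) else allow.
# Handles only the pattern forms the page uses: exact IPv4 address and ALL.

# rule_matches FILE DAEMON CLIENT_IP: exit 0 if some rule in FILE matches.
rule_matches() {
    awk -v d="$2" -v c="$3" '
        { sub(/#.*/, "") }                   # drop comments
        $0 ~ /^[ \t]*$/ { next }             # skip blank lines
        {
            if (split($0, f, ":") < 2) next  # need daemon_list:client_list
            dm = cm = 0
            n = split(f[1], ds, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (ds[i] == d || ds[i] == "ALL") dm = 1
            n = split(f[2], cs, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (cs[i] == c || cs[i] == "ALL") cm = 1
            if (dm && cm) { found = 1; exit }
        }
        END { exit !found }
    ' "$1" 2>/dev/null
}

# check_access DAEMON CLIENT_IP ALLOW_FILE DENY_FILE: prints allow or deny.
check_access() {
    if rule_matches "$3" "$1" "$2"; then echo allow
    elif rule_matches "$4" "$1" "$2"; then echo deny
    else echo allow   # no rule in either file: tcp_wrappers grants access
    fi
}

# Constructed copies of the two files with the rules shown on the page.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '# constructed sample' 'sshd:104.207.48.234' \
    'sshd:192.168.1.203' 'sshd:172.168.10.20' > "$demo/hosts.allow"
printf '%s\n' 'sshd:ALL' > "$demo/hosts.deny"

# 203.0.113.7 is a documentation address standing in for "any other IP".
for ip in 104.207.48.234 192.168.1.203 192.168.1.20 203.0.113.7; do
    printf '%-16s %s\n' "$ip" \
        "$(check_access sshd "$ip" "$demo/hosts.allow" "$demo/hosts.deny")"
done
```

These files only take effect when sshd is built with tcp_wrappers support, which `ldd "$(command -v sshd)" | grep libwrap` confirms; upstream OpenSSH removed that support in release 6.7, so on such builds the rules are silently ignored.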

This method can be used together with open***: dial in through open***, and have /etc/hosts.allow on all the other servers allow SSH access from the external IP of the open*** server.