Allowing/Blocking SSH Access for Specific IPs
- How to allow or block SSH access using the hosts.allow and hosts.deny settings
1. Add the allowed IPs to hosts.allow (example: 192.168.0.100, 192.168.0.200)
    [root@localhost ~]# vi /etc/hosts.allow
    #
    # hosts.allow   This file contains access rules which are used to
    #               allow or deny connections to network services that
    #               either use the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    sshd: 192.168.0.100
    sshd: 192.168.0.200
2. Edit hosts.deny
    [root@localhost ~]# vi /etc/hosts.deny
    #
    # hosts.deny    This file contains access rules which are used to
    #               deny connections to network services that either use
    #               the tcp_wrappers library or that have been
    #               started through a tcp_wrappers-enabled xinetd.
    #
    #               The rules in this file can also be set up in
    #               /etc/hosts.allow with a 'deny' option instead.
    #
    #               See 'man 5 hosts_options' and 'man 5 hosts_access'
    #               for information on rule syntax.
    #               See 'man tcpd' for information on tcp_wrappers
    #
    sshd: ALL
- sshd: ALL - blocks every IP except those registered in hosts.allow
- sshd: IP - blocks the specified IP
3. Restart the sshd service
    [root@localhost ~]# systemctl restart sshd    # or: service sshd restart
4. Test that access is blocked

    [root@denyhost ~]# ssh 192.168.0.300
    ssh_exchange_identification: read: Connection reset by peer    # confirm the connection-blocked message