Skip to Content

Granting SSH access using TCP Wrappers

How to grant SSH access only from an IP to a server?

Login to the server and edit hosts.allow and hosts.deny and add the below lines. hosts.allow will have high priority and it will override the rules in hosts.deny.

Refer below example of allowing SSH access only from 192.168.1.2 and blocking from all other IPs.

[email protected] ~]# vim /etc/hosts.allow

sshd : 192.168.1.2

[email protected] ~]# vim /etc/hosts.deny

sshd : ALL

How to grant SSH access to all remote servers only from the gateway server (192.168.1.2) using the parallel shell?

1. Login to the Ezeelogin shell (ezsh) and enable the parallel shell feature by pressing "F7" or "*" and select all servers. Refer below example.

2. Run the below command to place the entries in hosts.allow and deny.allow. Replace the below IP with your gateway IP.

[group:All servers]# echo "sshd : 192.168.1.2" >> /etc/hosts.allow ; echo "sshd : ALL" >> /etc/hosts.deny

    The above command will add gateway IP to hosts.allow which will allow SSH service from the gateway server and will block all other SSH connections from other servers.

3. Run the below command to confirm the entries in hosts.allow and in hosts.deny of all remote servers.

[group:All servers]# cat /etc/hosts.allow | grep -i sshd ; cat /etc/hosts.deny | grep -i sshd

centos.server

sshd : 192.168.1.2
sshd : ALL


ubuntu.server

sshd : 192.168.1.2
sshd : ALL

   Refer above example to view the entries in hosts.allow and hosts.deny.

4. SSH from the gateway server and other servers to the remote servers to confirm SSH only working from the gateway server.