How to allow SSH connection to server using /etc/hosts.allow file?

Secure Shell protocol is abbreviated as SSH. It is a secure and most commonly using protocol to access remote servers. This protocol uses encryption while transferring data between two hosts.

TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD.

It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

30 plus SSH interview questions and answers – compiled

I am going to explain how TCP wrappers help to protect server by controlling external connections. We can control the SSH connection to a server by using the following files:

/etc/hosts.allow and /etc/hosts.deny

How to allow an IP address for SSH connection?

Step 1 : SSH to server as root user.
Step 2 : Open /etc/hosts.allow file using your favorite text editor.

To allow one IP address to server:

sshd : IP-Address

To allow more than one IP addresses:

sshd : IP-Address1, IP-Address2, IP-Address3

To allow IP ranges:

sshd : 33.*.*.*
sshd : 66.66.*.*

To allow all IP addresses for SSH:

sshd : ALL



We can also control the same from /etc/hosts.deny file by adding the keyword “ALLOW.” See the example pasted below:


# vi /etc/hosts.deny

sshd : ALL : ALLOW

That’s it!

Also read:

How to manage SSH permission for custom users under your server
How to create a banner/welcome-note for SSH server
How to disable SSH login as root user – PermitRootLogin

Arunlal Ashok

Linux Server Administrator. I'm dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *