How to allow SSH connection to server using /etc/hosts.allow file?

Secure Shell protocol is abbreviated as SSH. It is a secure and most commonly using protocol to access remote servers. This protocol uses encryption while transferring data between two hosts.

TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD.

It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.

30 plus SSH interview questions and answers – compiled

I am going to explain how TCP wrappers help to protect server by controlling external connections. We can control the SSH connection to a server by using the following files:

/etc/hosts.allow and /etc/hosts.deny

How to allow an IP address for SSH connection?

Step 1 : SSH to server as root user.
Step 2 : Open /etc/hosts.allow file using your favorite text editor.

To allow one IP address to server:

sshd : IP-Address

To allow more than one IP addresses:

sshd : IP-Address1, IP-Address2, IP-Address3

To allow IP ranges:

sshd : 33.*.*.*
sshd : 66.66.*.*

To allow all IP addresses for SSH:

sshd : ALL



We can also control the same from /etc/hosts.deny file by adding the keyword “ALLOW.” See the example pasted below:


# vi /etc/hosts.deny

sshd : ALL : ALLOW

That’s it!

Also read:

How to manage SSH permission for custom users under your server
How to create a banner/welcome-note for SSH server
How to disable SSH login as root user – PermitRootLogin

Post navigation

Arunlal Ashok

Operations Engineer at Endurance International Group. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team
We like to travel. Our travelogues are published at Trip Mentor

Leave a Reply

Your email address will not be published. Required fields are marked *