Secure Shell protocol is abbreviated as SSH. It is a secure and most commonly using protocol to access remote servers. This protocol uses encryption while transferring data between two hosts.
TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD.
It allows host or subnetwork IP addresses, names and/or ident query replies, to be used as tokens on which to filter for access control purposes.
I am going to explain how TCP wrappers help to protect server by controlling external connections. We can control the SSH connection to a server by using the following files:
/etc/hosts.allow and /etc/hosts.deny
How to block an IP address from SSH connection?
Step 1 : SSH to server as root user.
Step 2 : Open /etc/hosts.deny file using your favorite text editor.
sshd : IP-Address
To block more than one IP addresses:
sshd : IP-Address1, IP-Address2, IP-Address3
To block IP ranges:
sshd : 33.*.*.* sshd : 66.66.*.*
Block all IP addresses from SSH
sshd : ALL
ALL : ALL
SSH connection result:
[root@localhost ~]# ssh localhost ssh_exchange_identification: Connection closed by remote host
We can also control the same from /etc/hosts.allow file by adding the keyword “DENY.”
# vi /etc/hosts.allow sshd : ALL : DENY