How to block ssh access

How to block ssh access ?

SSH service can be filter using tcpwrapper (hosts.deny)

TCPwrapper is xinetd based service resides under the /etc/xinetd.d. The xinetd Service is a replacement of inetd older version of linux.

TCPwrapper used for Security and Hardening by applying filters.

Following two Linux machines used in our guide to apply filter ( hosts.deny) as source to connect

To verify whether the service supports TCP wrapper .

# whereis sshd
sshd: /usr/sbin/sshd /usr/share/man/man8/sshd.8.gz
[root@experts ~]# ldd /usr/sbin/sshd | grep => /lib/ (0x00991000)

1. ssh login to as root user , done


Install xinetd rpm package from repo using yum command line utility.,done

#yum install xinetd

Start service xinetd and set it on at default boot level.

#service xinetd start


#chkconfig xinetd on

hosts.allow and hosts.deny configuration files are used for controlling service access, hosts.allow always overwrite hosts.deny file.

(/etc/) The default location for hosts.allow and hosts.deny configuration files

Deny SSH service from to using below steps

2. vi /etc/hosts.deny 


Save and Exit.

Ex: a IP and range of IP’s or entire subnet or all (sshd: or ALL : all clients including IP address or host or domain name)
Run below command to apply changes made in hosts.deny.

#service xinetd restart

3. Verify, try login from to

[root@experts ~]# ssh

Output :

ssh_exchange_identification: Connection closed by remote host
Thanks for watching , for more details visit us

Refer below video :

Leave a Reply

Your email address will not be published. Required fields are marked *

73 + = 81