HOWTO: Allow SSH logins from Anywhere


I, like many people, access my servers, and in fact, almost every other computer in my house, through SSH.

I’ve previously set up the correct port forwarding to port 22, and installed and configured ddclient on my server, in order to be able to SSH into it from a web address.

One thing I forgot however, is to allow SSH logins from unknown IP addresses.

To do this, edit /etc/hosts.allow and add;

sshd : ALL : allow

That will allow any IP address to connect to your server, which is a slightly dangerous thing. You can also list specific IP addresses or ranges to allow, and block all others;

#Allow the xx.xx.xx.0 range

sshd : xx.xx.xx. : allow

#Allow specific IP

sshd : xx.xx.xx.xx : allow

#Allow localhost

sshd : localhost : allow

# Deny all others

sshd : ALL : deny

Note that the order is important, if the ALL : deny is at the beginning, it’ll ignore everything after it, and just block everyone.


%d bloggers like this: