一. 仅允许特定IP或IP段访问

1.1 打开/etc/hosts.deny文件，

# 打开/etc/hosts.deny文件，
root@root:/user# sudo vim /etc/hosts.deny

添加下图示代码。

sshd:ALL

1.2 打开/etc/hosts.allow文件

# 打开`/etc/hosts.allow`文件
root@root:/user# sudo vim /etc/hosts.allow

添加如下代码。

sshd: 001.002.003.004                  # 仅允许 001.002.003.004访问
sshd: 001.002.003.,001.002.003.        # 允许 001.002.003.000 ~ 001.002.003.255 所有ip访问。
sshd: 001.002.,001.002.                # 允许 001.002.000.000 ~ 001.002.255.255 所有ip访问。

注： 指定范围用,分隔。

例如：要设置165.246.***.***的所有ip访问，设置如下。

说明: 以上配置无需重启ssh.

二. 仅允许特定用户/IP访问

2.1 打开/etc/ssh/sshd_config文件

root@root:/user# sudo vim /etc/ssh/sshd_config

2.2 在空白处添加下图示代码。

# 允许特定用户 'user1`和`user2` 访问
AllowUsers user1
AllowUsers user2

or
# 允许特定用户 `user1` 用特定 ip地址`001.002.003.004` 访问 
# 注：这里的用户指user1的电脑ip，非服务器ip.
AllowUsers user1@001.002.003.004

2.3 重启ssh

root@root:/user# sudo service ssh restart

三. 查看系统需要身份确认的操作

root@root:/user# tail -f /var/log/auth.log

结果如下：

Jan 14 18:54:54 lablab sshd[22808]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 18:55:25 lablab sshd[25471]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 18:56:16 lablab sshd[4155]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 18:56:35 lablab sshd[25723]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 18:57:30 lablab sshd[5587]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 18:58:15 lablab sshd[27925]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 18:58:35 lablab sshd[17877]: refused connect from 81.182.248.193 (81.182.248.193)
Jan 14 18:58:41 lablab sshd[24722]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 18:59:15 lablab sshd[17640]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:00:13 lablab sshd[17067]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 19:00:24 lablab sshd[28573]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:01:57 lablab sshd[19380]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 19:01:59 lablab sshd[25500]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:02:33 lablab sshd[19380]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:02:56 lablab sshd[11674]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 19:04:34 lablab sshd[11313]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:04:44 lablab sshd[21753]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:05:15 lablab sshd[2169]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 19:05:34 lablab sshd[406]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 19:06:38 lablab sshd[2708]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:06:40 lablab sshd[8693]: refused connect from 81.182.248.193 (81.182.248.193)
Jan 14 19:07:28 lablab sshd[18163]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:08:15 lablab sshd[6142]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 19:08:42 lablab sshd[23202]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 19:08:44 lablab sshd[25327]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:10:06 lablab sshd[6855]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:10:46 lablab sshd[18891]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:10:50 lablab sshd[23084]: refused connect from 190.128.169.222 (190.128.169.222)
Jan 14 19:12:04 lablab sshd[27939]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 19:13:00 lablab sshd[31457]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:13:01 lablab sshd[1327]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:14:39 lablab sshd[6782]: refused connect from 81.182.248.193 (81.182.248.193)
Jan 14 19:15:09 lablab sshd[13979]: refused connect from 125.124.209.123 (125.124.209.123)
Jan 14 19:15:28 lablab sshd[2459]: refused connect from 111.229.123.124 (111.229.123.124)
Jan 14 19:15:45 lablab sshd[20694]: refused connect from 106.75.104.110 (106.75.104.110)
Jan 14 19:16:28 lablab sshd[23735]: refused connect from 165.3.86.108 (165.3.86.108)

再如：

Jan 14 21:12:09 lablab sshd[2253]: Accepted password for user1 from 001.002.003.004 port 49966 ssh2
Jan 14 21:12:09 lablab sshd[2253]: pam_unix(sshd:session): session opened for user user1 by (uid=0)
Jan 14 21:12:09 lablab systemd-logind[904]: New session 11 of user user1.
Jan 14 21:16:12 lablab sshd[2420]: refused connect from 71.221.121.143 (71.221.121.143)

话说，10分钟竟然就有这么多来自世界各地的ip试图连接我们的服务器吗?