Introduction
Once your IP is public it gets attention from so many bots in the internet that do brute force and dictionary attacks to “guess” your passwords so it is always the best to lock SSH access to a list of your trusted static IPs (such as your companies VPN IPs
For this tutorial we will use Linux’s host.allow and host.deny file which is pretty straight forward
Step 1
Now we will allow a list of known IPs who should be able to login to SSH. For that we need to add an entry to /etc/hosts.allow file, so we go ahead and open it again with your favorite editor ?
vi /etc/hosts.allow
and add the following lines to allow the whitelisted IP blocks to your public SSH.
sshd: 10.83.33.77/32, 10.63.152.9/32, 10.12.100.11/28, 10.82.192.0/28
This line will allow all the comma separated IP blocks to your SSH port
Note: make sure you double check the IP addresses, or you will be blocked by SSH
Step 2
Open up /etc/hosts.allow file using your favorite text editor
vi /etc/hosts.deny
and add the following lines to deny all SSH connections to your public SSH port
sshd: ALL
This code will block all incoming SSH requests on your SSH port
Conclusion
That’s it. This will protect you from brute force attacks and messages like “There was 9999 failed login attempt since the last successful login.”