Limiting SSH by user and address

SSH has built-in features for creating an access list of which users and/or which IPs can access SSH, for higher security. This is done by editing the sshd_config file; on CentOS servers, for example, it is at /etc/ssh/sshd_config

The limiting is done with the AllowUsers option. AllowUsers can be specified multiple times, or take multiple arguments.

Say your IP address is and is static. You can limit logins to just your IP using

AllowUsers root@

This allows the user root from IP only. All other IPs are denied. You need to manually specify each user. So for two users you can have

AllowUsers root@ username@

This allows root from and username from

You can specify some logins with IPs and others without IPs, like

AllowUsers root@ username

In this case username can log in from any IP but root only from

The config can be on two separate lines as well, like

AllowUsers root@
AllowUsers username@

After these changes SSH must be restarted. On CentOS this can be done with service sshd restart
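The AllowUsers behaviour described above (lines accumulate, a bare username is allowed from any IP, and anyone not listed is denied) can be checked offline before touching a live server. The following is an added example, not part of the original post: a simplified Python model of the AllowUsers check. The sample config, the addresses (documentation ranges) and the function names are constructed for illustration, and DenyUsers, AllowGroups, Match blocks and negated patterns are not modelled.

```python
import ipaddress
import re

# Constructed sample config; the addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
# sshd_config excerpt (constructed)
PermitRootLogin yes
AllowUsers root@203.0.113.10
AllowUsers deploy@198.51.100.0/24 username
"""

def allow_users_patterns(config_text):
    """Collect the patterns from every AllowUsers line (the lines accumulate)."""
    patterns = []
    for line in config_text.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "allowusers":  # keywords are case-insensitive
            patterns.extend(fields[1:])
    return patterns

def _glob(pattern, value):
    """Match with sshd-style wildcards: '*' is any run, '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def _host_matches(host_pattern, addr):
    if "/" in host_pattern:  # CIDR form, e.g. 198.51.100.0/24
        try:
            network = ipaddress.ip_network(host_pattern, strict=False)
            return ipaddress.ip_address(addr) in network
        except ValueError:
            return False
    return _glob(host_pattern, addr)

def is_allowed(config_text, user, addr):
    """True if `user` connecting from `addr` passes the AllowUsers check."""
    patterns = allow_users_patterns(config_text)
    if not patterns:  # no AllowUsers at all: this check restricts nobody
        return True
    for pattern in patterns:
        user_pat, sep, host_pat = pattern.partition("@")
        if _glob(user_pat, user) and (not sep or _host_matches(host_pat, addr)):
            return True
    return False  # once AllowUsers exists, unlisted users are denied

if __name__ == "__main__":
    for user, addr in [("root", "203.0.113.10"), ("root", "192.0.2.7"),
                       ("username", "192.0.2.7"), ("backup", "203.0.113.10")]:
        print(user, addr, is_allowed(SAMPLE_CONFIG, user, addr))
```

On the server itself, `sshd -t` checks the edited file for syntax errors before the restart, and keeping the current session open until a new login succeeds avoids a lock-out from a mistyped address.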