Access restrictions in PAM /etc/security/access.conf
You need to edit following files:
/etc/pam.d/sshd - Linux PAM configuration file.
/etc/security/access.conf - By default rules for access management are taken from configuration this file. When someone logs in, the entry in this scanned and matched against rule. You can specify whether the login will be accepted or refused to user. General syntax is as follows:
permission : username: origins
permission : Permission field should be a "+" (access granted) or "-" (access denied)
username : Linux system username/login name such as root, vivek etc. You can also specify group names. You can also use special keywod ALL (to match all username).
origins : It is a list of one ore more tty names, host name, IP address, domain names that begin with . or special key words ALL or LOCAL
Let us say you want to allow user root and vivek login from IP address 18.104.22.168 only.
Open file /etc/security/access.conf
# vi /etc/security/access.conf
Append following line:
-: ALL EXCEPT root vivek:22.214.171.124
Save the file and Open /etc/pam.d/sshd file :
# vi /etc/pam.d/sshd
Append following entry
account required pam_access.so
Save and close the file.
Now ssh will only accept login access from root/vivek from IP address 126.96.36.199. Now if user vivek (or root) try to login ssh server from IP address 188.8.131.52 he will get
'Connection closed by xxx.xxx.xx.xx'; error and following log entry should be written to your log file:
# tailf /var/log/message