Limit your SSH logins using GeoIP

Before starting, make sure you have a few open SSH sessions to your box, particularly if you don't have physical access to your server. You don't want to lock yourself out!

1. Install GeoIP

yum -y install geoip

2. Install filter script

wget -O /usr/local/bin/

3. Make it executable

chmod +x /usr/local/bin/

4. Edit the script

Make sure you put your country in the script by editing it:

vi /usr/local/bin/

5. Update hosts.deny

We want the default behaviour to be to block all SSH traffic:

sed -i '/^sshd/d' /etc/hosts.deny
echo sshd: ALL >> /etc/hosts.deny

6. Update hosts.allow

Now call our script from inside hosts.allow to allow traffic:

sed -i '/^sshd/d' /etc/hosts.allow
echo "sshd: ALL: spawn /usr/local/bin/ %a" >> /etc/hosts.allow
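
The filter script itself is not shown on this page. As an added example (not the script the steps above download), here is one way such a filter can work: it takes the address that %a expands to, looks up its country with the geoiplookup tools from the GeoIP package, and exits 0 to allow or 1 to deny. The function names, the ALLOW_COUNTRIES variable and its sample value are assumptions.

```bash
#!/bin/bash
# Added example, not the script this page installs. Names and defaults are assumptions.
ALLOW_COUNTRIES="${ALLOW_COUNTRIES:-AU NZ}"     # constructed sample: ISO codes to accept
GEOIP_LOOKUP="${GEOIP_LOOKUP:-geoiplookup}"     # IPv4 lookup tool from the GeoIP package
GEOIP_LOOKUP6="${GEOIP_LOOKUP6:-geoiplookup6}"  # IPv6 counterpart

# Print the country code for an address, or "--" when the database has no
# entry (private ranges, loopback). Return 1 on a malformed argument, on
# unrecognised output, or when the lookup produced nothing (missing binary/database).
country_of() {
    local ip="$1" tool out code
    case "$ip" in
        ""|*[!0-9a-fA-F.:]*) return 1 ;;   # only address characters are accepted
        *:*) tool="$GEOIP_LOOKUP6" ;;
        *)   tool="$GEOIP_LOOKUP" ;;
    esac
    out="$("$tool" "$ip" 2>/dev/null | head -n 1)"
    [ -n "$out" ] || return 1
    # Expected shape: "GeoIP Country Edition: AU, Australia"
    code="${out#*: }"
    code="${code%%,*}"
    case "$code" in
        [[:upper:][:digit:]][[:upper:][:digit:]]) printf '%s\n' "$code" ;;
        "IP Address not found")                   printf '%s\n' "--" ;;
        *)                                        return 1 ;;
    esac
}

# Return 0 to allow the connection, 1 to deny it.
ssh_geoip_allowed() {
    local code c
    code="$(country_of "$1")" || return 1    # bad input or failed lookup: deny
    [ "$code" = "--" ] && return 0           # not in the database (e.g. LAN): allow
    for c in $ALLOW_COUNTRIES; do
        [ "$c" = "$code" ] && return 0
    done
    return 1
}

# Invoked with one address (what %a expands to): decide, log denials, exit.
if [ "$#" -eq 1 ]; then
    ssh_geoip_allowed "$1" && exit 0
    logger -t ssh-geoip "DENY sshd connection from $1" 2>/dev/null
    exit 1
fi
```

A script's exit status only affects the decision when tcp_wrappers runs it through the aclexec option (described in hosts_options(5), in builds that provide it); spawn runs the command but does not use its result, so check which option your hosts.allow line uses and test from a disallowed address while an existing session stays open.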


info/ssh-geoip.txt · Last modified: 2017/03/01 21:19 by