使用两台linux服务器进行测试,192.168.1.28和192.168.1.38,在38上配置hosts.deny文件,添加deny 28的ssh访问。
[root@localhost ~]# vi /etc/hosts.deny
[root@localhost ~]# more /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd:192.168.1.28:deny
[root@localhost ~]# systemctl restart xinetd
[root@localhost ~]#
192.168.1.28服务器上ssh登录38,登录使用,不过使用nmap扫描38的22端口,依然是开放的。
[root@localhost ~]# ssh root@192.168.1.38
ssh_exchange_identification: read: Connection reset by peer
[root@localhost ~]# nmap -sT -p22 192.168.1.38
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-26 11:13 CST
Nmap scan report for 192.168.1.38
Host is up (0.00045s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 00:0C:29:3C:EB:B1 (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.21 seconds
[root@localhost ~]#
网友评论