Only allow certain IPs access to SSH

 

IMPORTANT NOTE:  This document is based on FreeBSD, CentOS, RedHat Linux 7.3 and Enterprise.  The concepts should be similar across operating systems, but the commands will very likely be different.  Also, never assume the directory structures exist in your system as written in the document.  Never blindly follow security instructions -- read, review, compare, apply as it fits your system.

Log into each server as root (or admin if you disabled direct root access).
  1. Edit /etc/hosts.allow
  2. Open a new line before "ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail -s "Port Denial noted %d-%h" root) & : DENY":

For each IP address you want to allow, add the following to /etc/hosts.allow (before the line noted):

sshd: xxx.xxx.xxx.xxx : ALLOW

Where xxx.xxx.xxx.xxx is the actual IP address you want to grant access.

  1. Save the file
  2. Edit /etc/hosts.deny

Add the following line towards the very top (we have it as the 1st line after the initial comments in our file):

sshd: ALL

  1. Save the file

IMPORTANT:  Before you log off your current SSH session, try to open another SSH session to the machine you just made these settings on.  If you cannot get into the system, use your already open SSH session to comment out the lines you added.
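
The steps above as a small shell script (an added example, not part of the original document or of Parallels H-Sphere). The function names, the /tmp paths and the sample address 192.0.2.10 are assumptions; each function keeps a .bak copy of the file it edits.

```shell
#!/bin/sh
# Added example: paths, function names and the sample address are assumptions.

# valid_ipv4 IP: succeed only for one dotted quad with octets in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# allow_ssh_ip FILE IP: put "sshd: IP : ALLOW" ahead of the first rule that
# starts with "ALL :", because the first matching rule in the file decides.
allow_ssh_ip() {
    file=$1; ip=$2
    valid_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    rule="sshd: $ip : ALLOW"
    grep -qxF "$rule" "$file" && return 0       # already listed, nothing to do
    cp -p "$file" "$file.bak" || return 1       # keep a copy to roll back to
    awk -v rule="$rule" '
        !done && /^ALL[ \t]*:/ { print rule; done = 1 }
        { print }
        END { if (!done) print rule }' "$file.bak" > "$file"
}

# deny_ssh_all FILE: add "sshd: ALL" as the first line after the initial comments.
deny_ssh_all() {
    file=$1
    grep -qxF 'sshd: ALL' "$file" && return 0
    cp -p "$file" "$file.bak" || return 1
    awk '
        !done && !/^#/ { print "sshd: ALL"; done = 1 }
        { print }
        END { if (!done) print "sshd: ALL" }' "$file.bak" > "$file"
}

# Run against copies first, e.g.:
#   cp /etc/hosts.allow /etc/hosts.deny /tmp/
#   allow_ssh_ip /tmp/hosts.allow 192.0.2.10 && deny_ssh_all /tmp/hosts.deny
```

Compare the edited copies with the live files before copying them into place, and keep your existing SSH session open while you test a new login.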

Notes

According to Positive Software support, they use the following IP addresses to provide support to your servers (as of November 19, 2007 -- please put in netmask format.):

213.130.28.26
64.131.90.27

Also remember to include the IP address of your control panel and other Parallels H-Sphere servers so they can talk with one another via SSH.


IMPORTANT NOTE:  This document and all linked documents are being provided as a goodwill gesture to the Parallels H-Sphere community and to others who may benefit from their use.  Dynamic Net, Inc. makes no representations implied or explicit as to their value or warranty. Dynamic Net, Inc. will not be held liable for any damage resulting from the application of the steps and procedures noted.  If you feel uncomfortable at all about doing any of the steps, make a complete system backup and hire a third party like We Manage Servers to do the work for you.

 

 
 
