<div>
I don't know if there is a way for SSH with exception, But I can suggest you to configure ip tables and allow SSH traffic from particular IPs only.
</div>


<div>
Could you please give me the syntax for allowing SSH access only for a particular IP ? &nbsp;I'm wondering how can I run 2 seperate SSHD service on a single host. Let me give a search for it.
</div>


<div>
Why do you even need the exception? In normal circumstances that shouldn't be necessary or allowed. You can still use sudo or su from the logged on user to get root privileges.
</div>


<div>
I would suggest to configure what You want in sshd_config using the AllowUsers directive. With this directive you specify the final set of users that are allowed to connect to SSH, but You can also control access based on ip addresses and hostnames. For example:<br />
<br />
AllowUsers root@10.2.21.141 pawwa<br />
<br />
would mean that root can connect only from host 10.2.21.141 and pawwa could connect from anywhere. Other users could not connect to SSH in this example. Of course, You need to PermitRootLogin yes.
</div>


<div>
But, yeah as rindi has pointed out, You should connect to SSH as regular user, and then use su or sudo to gain higher privileges.
</div>


<div>
@rindi, I want to run certain scripts as root from a remote server. Per my company policy, the direct root access to all critical servers should be denied. Thats why i need an expection allowing just one server.<br />
<br />
@Liddler, I will try your solution and update you.
</div>


<div>
To run the certian scripts you can use SUDO access. It should work.
</div>


<div>
Or, BTW, You can use authorized_keys file in /root/.ssh/ directory and add a &quot;from=host&quot; in that file, for example:<br />
<br />
from=&quot;192.168.10.16&quot; ssh-dss AAAAB3NzaC1kc3MA... My OpenSSH key<br />
<br />
if you are using PubKeyAuthentiication yes... But if it is scripts that You want to run, the most secure way will be by using sudo.
</div>


<div>
In the SSHD configuration file (usually /etc/ssh/sshd_config):<br />

<pre><code class="code-1 nolinks" id="code-20-35777884-1"><span>PermitRootLogin no</span>
</code></pre>
<br />
Be sure to restart the SSH server after making the change.
</div>


<div>
edit /etc/hosts.allow with the next code:<br />
<br />
sshd: your_allowed_ip<br />
<br />
<br />
and /etc/hosts.deny with:<br />
sshd: all<br />
<br />
<br />
that should work
</div>


<div>
Running an additional SSH service with different port seems to be the most appropriate solution and it worked for me. Thanks !
</div>


<div>
<div class="content wysiwyg-content">
Hello,<br />
<br />
I have a requirement to block the direct root SSH access from all the hosts EXCEPT one server. Is it possible ? &nbsp;I know that we can block the direct root access by setting the directive &quot;PermitRootLogin&quot; to &quot;no&quot; in /etc/ssh/sshd_config. But how can i create exceptional in it. Please let me know.<br />
<br />
Thanks !
</div>
</div>


Hello,

I have a requirement to block the direct root SSH access from all the hosts EXCEPT one server. Is it possible ?  I know that we can block the direct root access by setting the directive "PermitRootLogin" to "no" in /etc/ssh/sshd_config. But how can i create exceptional in it. Please let me know.

Thanks !

Blocked direct root SSH access in Linux

The Linux operating system, in all its flavors, has its own share of security flaws that allow intrusions, but there are various mechanisms by which these flaws can be removed, generally divided into two parts: authentication and access control. Authentication is responsible for ensuring that a user requesting access to the system is really the user with the account, while access control is responsible for controlling which resources each account has access to and what kind of access is permitted.

Linux Security

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.

Linux

The variety of Linux distributions creates myriad issues relating to configuration and operations when computers are networked, not the least of which is the use of various network management applications, some of which are included with specific distributions, while others are standalone applications.