The best way to restrict SSH access by IP is by using the server’s hosts.allow and hosts.deny file. First open the /etc/hosts.allow file and add the IP’s you would like to allow:
Format – one IP per line:
SSHD: $IP #Reason
Example:
SSHD: 1.1.1.1 #Client 1
The hosts.allow file will have to be updated in this format every time you decide to add a new IP.
Once you have whitelisted all of the allowed IP’s for SSH you must then edit the hosts.deny file. Open the file /etc/hosts.deny and add the following line:
sshd: ALL