The best way to restrict SSH access by IP is by using the server’s hosts.allow and hosts.deny file. First open the /etc/hosts.allow file and add the IP’s you would like to allow:
Format – one IP per line:
SSHD: $IP #Reason
SSHD: 220.127.116.11 #Client 1
The hosts.allow file will have to be updated in this format every time you decide to add a new IP.
Once you have whitelisted all of the allowed IP’s for SSH you must then edit the hosts.deny file. Open the file /etc/hosts.deny and add the following line: