To restrict SSH access using tcpd (TCPWrapper) on a Linux or Unix system, you will need to modify the /etc/hosts.allow and /etc/hosts.deny files.
In /etc/hosts.allow, you can specify the IP addresses or hostnames of the systems that are allowed to access the SSH server. For example:
sshd: 192.168.1.0/24
This will allow systems with IP addresses in the range of 192.168.1.0 to 192.168.1.255 to access the SSH server.
In /etc/hosts.deny, you can specify the IP addresses or hostnames of the systems that are not allowed to access the SSH server. For example:
sshd: all
This will deny access to the SSH server for all systems.
Note that the hosts.allow file takes precedence over the hosts.deny file, so if a system is listed in both files, it will be allowed access if it is listed in hosts.allow.
After modifying the /etc/hosts.allow and /etc/hosts.deny files, you will need to restart the SSH server for the changes to take effect. On most systems, this can be done with the following command:
systemctl restart ssh
Alternatively, you can use the service command if your system does not use systemctl:
service ssh restart
Finally, it's a good idea to secure your SSH server by using strong passwords and enabling two-factor authentication. This will help to prevent unauthorized access even if someone is able to bypass the restrictions in the /etc/hosts.allow and /etc/hosts.deny files.