getenforce 
setenforce 0
sed -i 's/^SELINUX=.*$/SELINUX=disabled/' /etc/selinux/config
cat /etc/selinux/config

ll /etc/hosts.allow
ldd /usr/sbin/sshd

AllowUsers
       This keyword can be followed by a list of user name patterns, separated by spaces.
       If specified, login is allowed only for user names that match one of the patterns.
       Only user names are valid; a numerical user ID is not recognized.  By default, login
       is allowed for all users.  If the pattern takes the form USER@HOST then USER and
       HOST are separately checked, restricting logins to particular users from particular
       hosts.  HOST criteria may additionally contain addresses to match in CIDR ad‐
       dress/masklen format.  The allow/deny users directives are processed in the follow‐
       ing order: DenyUsers, AllowUsers.

tail -f /var/log/secure
可以看到如下日志
Jan 24 21:07:47 localhost sshd[1447]: User root from 192.168.31.232 not allowed because not li