# tested on
uname -a
Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.39-1+deb8u2 (2017-03-07) i686 GNU/Linux
ssh -V
OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t  3 May 2016

vim /etc/ssh/sshd_config; # open up ssh server config file

AllowUsers user1 user2 user3 # this would allow user1, user2 and user3 to login from ANY host/ip address
AllowUsers user1@172.20.0.7 user2@172.20.0.28 user2@172.20.0.33 # this would allow user1 ONLY to login from 0.7, user2 ONLY from 0.28 and user3 ONLY from 0.33
DebianBanner no # while you are on it - turn off that Debian-OS version info during ssh login attempts
# a little bit more security
# but SSH-Version info is still shown (it is required for clients to chose protocols)
# super-hackers may have other ways to determine which OS and ssh version your server is using

/etc/init.d/ssh restart; # do not forget to restart the service or the changes won't be applied immediately
[ ok . Restarting ssh (via systemctl): ssh.service

# if somebody who is on a "NotAllowed" host tries to login, this will show up in

tail -f /var/log/auth.log
May  5 11:48:07 debian sshd[2246]: reverse mapping checking getaddrinfo for suse.com-ulm.local [172.20.0.25] failed - POSSIBLE BREAK-IN ATTEMPT!
May  5 11:48:07 debian sshd[2246]: User user from 172.20.0.25 not allowed because not listed in AllowUsers
May  5 11:48:07 debian sshd[2246]: input_userauth_request: invalid user user [preauth]
May  5 11:48:08 debian sshd[2246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.20.0.25  user=user
May  5 11:48:10 debian sshd[2246]: Failed password for invalid user user from 172.20.0.25 port 40820 ssh2

# btw you won't even be allowed to do ssh logins from localhost

ssh user@localhost
user@localhost's password:
Permission denied, please try again.
admin