
How do I allow or deny specific users in SSH?

Posted: 03 Feb, 2007
by: Admin A.
Updated: 03 Feb, 2007
by: Admin A.

DENY AND ALLOW USERS IN OPENSSH

By default, OpenSSH allows logins for anyone with a valid password and shell. However, on a Linux system with numerous system accounts, this can be problematic. Imagine that you're running a mail server, where each mail user has a system account. If you set up an e-mail account for a friend, you may unwittingly give him or her shell access to the system.

Fortunately, OpenSSH can resolve this issue. Use your favorite editor to open the /etc/ssh/sshd_config file, which is the master OpenSSH server configuration. At the end of the file, you can add statements to fine-tune the login restrictions to the system. For example, if your friend has a system account solely for the purpose of obtaining e-mail, add the following statement to the end of the file:

DenyUsers username

Replace username with the name of your friend's account. This tells OpenSSH to disallow any logins for username, regardless of whether he or she gets the password right. OpenSSH will still take the username and password, but will respond as though the login were incorrect and prompt again.

If you want to deny access to several users, use the inverse approach: deny everyone, and then grant access to one or more specific accounts:

AllowUsers username

This allows only the user named username to log in to the Linux server. No one else will have access. Use as many AllowUsers or DenyUsers keywords as you need to tighten the access controls on the system.
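
To see which accounts a given set of DenyUsers and AllowUsers lines would actually admit, the following shell script is an added example (not part of the original article) that applies sshd's rule order, DenyUsers first and then AllowUsers, to every account with a login shell. The function names, sample accounts and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads only the global section (stops at the first Match block) and
# only plain user patterns; USER@HOST entries and group keywords are not evaluated.

# ssh_user_decision USER CONFIG -> prints "allow" or "deny"
ssh_user_decision() {
    user=$1 denied=no allow_seen=no allowed=no
    while read -r kw rest || [ -n "$kw" ]; do
        kw=$(printf '%s' "$kw" | tr 'A-Z' 'a-z')    # keywords are case-insensitive
        case $kw in
            match) break ;;
            allowusers) allow_seen=yes ;;
            denyusers) ;;
            *) continue ;;                          # comments, other keywords
        esac
        set -f                                      # split $rest without globbing
        for pat in $rest; do
            case $pat in *@*) continue ;; esac      # needs the client host: skipped
            case $user in
                $pat) if [ "$kw" = denyusers ]; then denied=yes; else allowed=yes; fi ;;
            esac
        done
        set +f
    done < "$2"
    # sshd applies DenyUsers first; once any AllowUsers exists, unlisted users are refused.
    if [ "$denied" = yes ]; then echo deny
    elif [ "$allow_seen" = yes ] && [ "$allowed" = no ]; then echo deny
    else echo allow
    fi
}

# audit_logins PASSWD CONFIG -> "name decision" for each account with a login shell
audit_logins() {
    while IFS=: read -r name pw uid gid gecos home shell; do
        case $shell in */nologin|*/false) continue ;; esac
        printf '%s %s\n' "$name" "$(ssh_user_decision "$name" "$2")"
    done < "$1"
}

# Constructed sample data: a mail server where only alice should get a shell.
make_sample() {
    printf '%s\n' 'DenyUsers friend' 'AllowUsers alice adm*' > "$1/sshd_config"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/bash' \
        'friend:x:1001:1001::/home/friend:/bin/bash' \
        'bob:x:1002:1002::/home/bob:/bin/sh' \
        'mail:x:8:12::/var/spool/mail:/sbin/nologin' > "$1/passwd"
}
d=$(mktemp -d) && make_sample "$d" && audit_logins "$d/passwd" "$d/sshd_config"
rm -rf "$d"
```

After editing the real /etc/ssh/sshd_config, running sshd -t checks the file for syntax errors before you reload the daemon.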

 
