Wednesday, January 2, 2008

OpenSSH deny or restrict access to users and groups

OpenSSH has two directives each for denying and allowing SSH user access:
DenyUsers user1 user2 user3

Use this to block user logins. You can use wildcards as well as the user1@somedomain.com pattern (user1 is not allowed to log in from the host somedomain.com).
DenyGroups group1 group2

A list of group names. If the user's primary group or a supplementary group matches, login access is denied. You can use wildcards.

Please note that you cannot use a numeric group ID or user ID. If these directives are not used, the default is to allow everyone.
AllowUsers user1 user2

This directive is the opposite of the DenyUsers directive.
AllowGroups group1 group2

This directive is the opposite of the DenyGroups directive.

You should always block access to the root user/group.
Open the /etc/ssh/sshd_config file:


# vi /etc/ssh/sshd_config

Append the following directives:

DenyUsers root admin1
DenyGroups root admin1

Make sure at least one user is allowed to use the 'su -' command.

Save the file and restart sshd.
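
To see how the four directives combine before restarting sshd, the following added example (not part of the original post, and not OpenSSH code) evaluates them in the order sshd applies them: DenyUsers, AllowUsers, DenyGroups, AllowGroups. It is a simplified model that ignores Match blocks, negated patterns and quoting; the sshusers group, the users alice, bob and carol, and the example.net host are constructed for illustration.

```python
import re

DIRECTIVES = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_directives(config_text):
    """Collect the four access lists from sshd_config text (repeated lines accumulate)."""
    lists = {name: [] for name in DIRECTIVES}
    for line in config_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0].lower() in lists:
            lists[words[0].lower()].extend(words[1:])
    return lists

def _glob(pattern, value):
    # sshd patterns: '*' matches any run of characters, '?' exactly one.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None

def _user_matches(pattern, user, host):
    # USER@HOST restricts the entry to logins coming from HOST.
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return _glob(user_pat, user) and _glob(host_pat.lower(), host.lower())
    return _glob(pattern, user)

def login_permitted(lists, user, groups, host):
    """Return (allowed, reason); order is DenyUsers, AllowUsers, DenyGroups, AllowGroups."""
    if any(_user_matches(p, user, host) for p in lists["denyusers"]):
        return False, "DenyUsers"
    if lists["allowusers"] and not any(_user_matches(p, user, host) for p in lists["allowusers"]):
        return False, "AllowUsers"
    if any(_glob(p, g) for p in lists["denygroups"] for g in groups):
        return False, "DenyGroups"
    if lists["allowgroups"] and not any(_glob(p, g) for p in lists["allowgroups"] for g in groups):
        return False, "AllowGroups"
    return True, "no directive rejected the login"

# Constructed sample: the post's deny lines plus two lines added for illustration.
SAMPLE_CONFIG = """
DenyUsers root admin1
DenyGroups root admin1
AllowGroups sshusers
DenyUsers bob@*.example.net
"""

if __name__ == "__main__":
    acl = parse_access_directives(SAMPLE_CONFIG)
    for user, groups, host in [("root", ["root"], "10.0.0.5"),
                               ("alice", ["alice", "sshusers"], "10.0.0.5"),
                               ("carol", ["carol"], "10.0.0.5"),
                               ("bob", ["bob", "sshusers"], "vpn.example.net")]:
        print(user, host, login_permitted(acl, user, groups, host))
```

Once any Allow list is present, every account that does not match it is rejected, so confirm your own login passes before restarting. Running `sshd -t` checks the edited file for syntax errors first.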