SSH - Allow only specific users/groups to use SSH
To allow only specific users or groups to access the SSH server, edit the sshd configuration file:
$ sudo nano /etc/ssh/sshd_config
Add the following line to allow access only for user 'trinh':
AllowUsers trinh
Or this line to allow only group 'mygroup':
AllowGroups mygroup
Restart the ssh service:
$ sudo service ssh restart
More options (source: http://knowledgelayer.softlayer.com/learning/how-do-i-permit-specific-users-ssh-access):
AllowGroups
This keyword can be followed by a list of group name patterns, separated by spaces. If specified, login is allowed only for users whose primary group or supplementary group list matches one of the patterns. '*' and '?' can be used as wildcards in the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups.

AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. '*' and '?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

DenyGroups
This keyword can be followed by a list of group name patterns, separated by spaces. Login is disallowed for users whose primary group or supplementary group list matches one of the patterns. '*' and '?' can be used as wildcards in the patterns. Only group names are valid; a numerical group ID is not recognized. By default, login is allowed for all groups.

DenyUsers
This keyword can be followed by a list of user name patterns, separated by spaces. Login is disallowed for user names that match one of the patterns. '*' and '?' can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
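
When more than one of these keywords is set, a login must pass every list: sshd_config(5) documents the evaluation order as DenyUsers, AllowUsers, DenyGroups, AllowGroups, so a user named in AllowUsers is still rejected if AllowGroups is set and none of their groups match. The script below is an added example, not code from the original post or from OpenSSH; the function names, the sample configuration and the client addresses are constructed for illustration.

```sh
# Added example (not from the page): approximates sshd's allow/deny decision for one login.
# Assumptions: no Match blocks, '!' negation or CIDR hosts; HOST in USER@HOST is
# compared as a glob against the client address string.
# patterns_for FILE KEYWORD: all patterns given for KEYWORD (keywords are case-insensitive).
patterns_for() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}
# glob_match STRING PATTERN: true if PATTERN ('*' and '?' wildcards) matches STRING.
glob_match() { case $1 in $2) return 0 ;; esac; return 1; }

# user_listed "PATTERNS" USER HOST: true if a USER or USER@HOST pattern matches.
user_listed() {
    for p in $1; do
        case $p in
            *@*) glob_match "$2" "${p%@*}" && glob_match "$3" "${p##*@}" && return 0 ;;
            *)   glob_match "$2" "$p" && return 0 ;;
        esac
    done
    return 1
}

# group_listed "PATTERNS" GROUP...: true if any of the user's groups matches a pattern.
group_listed() {
    pats=$1; shift
    for g in "$@"; do
        for p in $pats; do glob_match "$g" "$p" && return 0; done
    done
    return 1
}

# login_decision CONFIG USER HOST GROUP...: prints "allow" or "deny: <reason>".
login_decision() (
    cfg=$1 user=$2 host=$3; shift 3          # remaining arguments: the user's groups
    du=$(patterns_for "$cfg" DenyUsers);  au=$(patterns_for "$cfg" AllowUsers)
    dg=$(patterns_for "$cfg" DenyGroups); ag=$(patterns_for "$cfg" AllowGroups)
    set -f   # no file-name expansion of patterns; local because the body is a subshell
    # Order from sshd_config(5): DenyUsers, AllowUsers, DenyGroups, AllowGroups.
    if   user_listed "$du" "$user" "$host"; then echo "deny: DenyUsers"
    elif [ -n "$au" ] && ! user_listed "$au" "$user" "$host"; then echo "deny: not in AllowUsers"
    elif group_listed "$dg" "$@"; then echo "deny: DenyGroups"
    elif [ -n "$ag" ] && ! group_listed "$ag" "$@"; then echo "deny: not in AllowGroups"
    else echo "allow"; fi
)

# Constructed sample configuration that sets both of the page's example lines at once.
cfg=$(mktemp); trap 'rm -f "$cfg"' EXIT
printf '%s\n' 'AllowUsers trinh backup@10.0.0.*' 'AllowGroups mygroup' 'DenyUsers guest*' > "$cfg"
login_decision "$cfg" trinh 192.0.2.7 mygroup   # allow
login_decision "$cfg" trinh 192.0.2.7 staff     # deny: not in AllowGroups
```

On the real server, `sudo sshd -t` checks the edited sshd_config for errors before the restart, and keeping the current session open until a fresh login succeeds avoids locking yourself out.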