How to limit ssh access to specific users or groups

6 May, 2008  |  Posted by Danesh  |  in HowTo, Linux

Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced.

Fortunately this can be easily done with openSSH. Just edit the /etc/ssh/sshd_config file and add the desired directives shown below. You don’t need them all, just use what suits you needs.

openSSH provides 4 directives, AllowUsers, AllowGroups, DenyUsers and DenyGroups

AllowUsers buddy john doe
Only users buddy, john and doe will be able to log in via ssh.

AllowGroups sysadmin bkpadmin
Only users within groups sysadmin and bkpadmin will be able to log in via ssh.

DenyUsers rambo tina
This is the opposite of AllowUsers. All users except for rambo and tina will be able to log in via ssh.

DenyGroups hr payroll
This is the opposite of AllowGroups. All groups except for hr and payroll will be able to log in via ssh.

  • Digg
  • del.icio.us
  • BlinkList
  • Reddit
  • Slashdot
  • StumbleUpon
  • Technorati
  • Furl
  • Google
  • Live
  • Facebook
  • Pownce
  • TwitThis
  • E-mail this story to a friend!
Tags: , , , ,
 Did you enjoy this article? If yes, then subscribe to my RSS Feed

Related Posts

One Response so far | Have Your Say!

  1. john  |  June 24th, 2008 at 10:46 pm #

    Web based ssh client

    john - Gravatar

Leave a Feedback

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>