In this article we will allow or deny SSH access for a particular user or group by making a few changes to the SSH server configuration file.
First, we will see how to allow SSH access for a user and a group. Please note that all commands given below should be run as root or with sudo.
Allow SSH access to a user or group:
To allow SSH access for a particular user, say waqar, edit the “sshd_config” file as follows:
nano /etc/ssh/sshd_config
Modify the following line:
AllowUsers waqar
Restart the SSH service to apply the change:
systemctl restart sshd.service
Now you can log in as user “waqar”.
You can also allow more than one user using the following format:
AllowUsers user1 user2
Similarly, to grant SSH access to a whole group, for example root, use the following directive:
AllowGroups root
Keep in mind that you must restart the SSH service to apply the changes.
Deny SSH access to a user or group:
Now, to deny SSH access to a user (waqar in this example), use the following command:
nano /etc/ssh/sshd_config
Add the following line:
DenyUsers waqar
Restart the SSH service to apply the configuration:
systemctl restart sshd.service
As you can see, permission is denied for user “waqar”.
Similarly, you can deny access to more than one user using the following directive:
DenyUsers user1 user2
Use the following directive if you want to deny SSH access to a group:
DenyGroups root
Don’t forget to restart the SSH service to apply the configuration.
Disable SSH Root login:
The root user is the most privileged account on Linux and has complete access to your system. Therefore, it is not good practice to allow SSH logins for the root user.
To disallow SSH access for the root user, open the SSH configuration file:
nano /etc/ssh/sshd_config
Add or edit the following line in the file so that it reads as follows:
PermitRootLogin no
Save and quit the file.
Restart the SSH service to apply the configuration:
systemctl restart sshd.service
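Added example (not part of the original article): a Python sketch of how the directives above combine, useful for checking who would be locked out before restarting the service. Once AllowUsers or AllowGroups is set, everyone not listed is refused, deny lists take precedence over allow lists, and a user must pass both the user and the group checks. The function names, the sample configuration and the group "staff" are constructed for illustration, and Match blocks, USER@HOST host limits and "!" negation are not handled.

```python
import fnmatch
# Constructed sample config combining the article's directives (not a recommended policy).
SAMPLE_CONFIG = """\
PermitRootLogin no
AllowUsers waqar user1
DenyUsers user1
AllowGroups staff
"""

LIST_KEYS = ("allowusers", "denyusers", "allowgroups", "denygroups")

def parse_access_rules(config_text):
    """Collect the access directives; sshd_config keywords are case-insensitive."""
    rules = {key: [] for key in LIST_KEYS}
    rules["permitrootlogin"] = None
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # simplification: conditional Match blocks are not evaluated
        if key in LIST_KEYS:
            rules[key].extend(parts[1:])  # repeated lines accumulate
        elif key == "permitrootlogin" and rules[key] is None and len(parts) > 1:
            rules[key] = parts[1].lower()  # first occurrence wins
    return rules

def _listed(name, patterns):
    # Simplification: the @HOST part of USER@HOST entries and "!" negation are ignored.
    return any(fnmatch.fnmatchcase(name, p.split("@", 1)[0]) for p in patterns)

def ssh_login_allowed(rules, user, groups):
    """Return (allowed, reason); deny lists are checked before allow lists."""
    if user == "root" and rules["permitrootlogin"] == "no":
        return False, "PermitRootLogin no"
    if _listed(user, rules["denyusers"]):
        return False, "listed in DenyUsers"
    if rules["allowusers"] and not _listed(user, rules["allowusers"]):
        return False, "not listed in AllowUsers"
    if any(_listed(g, rules["denygroups"]) for g in groups):
        return False, "group listed in DenyGroups"
    if rules["allowgroups"] and not any(_listed(g, rules["allowgroups"]) for g in groups):
        return False, "no group listed in AllowGroups"
    return True, "allowed"

if __name__ == "__main__":
    for user, groups in [("waqar", ["staff"]), ("user1", ["staff"]), ("root", ["root"])]:
        print(user, ssh_login_allowed(parse_access_rules(SAMPLE_CONFIG), user, groups))
```

On a real server, running sshd -t before the restart checks the file for syntax errors, and sshd -T prints the effective configuration.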