In this article we will be allowing or denying SSH access to a particular user or Group by making a few changes in SSH Configuration file.
First, we will see how to allow or enable SSH access to a user and group. Please note that all commands given below should be run as root or sudo user.
Allow SSH access to a user or group:
To allow SSH access for a particular user, let say waqar edit the “sshd_config” file as follows:
nano /etc/ssh/sshd_config
modify the following line:
AllowUsers waqar
![](https://unixcop.com/wp-content/uploads/2022/01/image-109-1024x458.png)
systemctl restart sshd.service
Now you can login from user “waqar”.
![](https://unixcop.com/wp-content/uploads/2022/01/image-110.png)
You can also allow more than one user using the following format:
AllowUsers user1 user2
Similarly, to grant SSH access to a whole group root use the following command:
AllowGroups root
Keep in mind that to apply the changes you must restart ssh service.
Deny SSH access to a user or group
Now, to deny SSH access to a user in this example we will use user waqar use the following command:
nano /etc/ssh/sshd_config
Add the following line;
DenyUsers waqar
![SSH Access in Linux](https://unixcop.com/wp-content/uploads/2022/01/image-111-1024x479.png)
restart the ssh service to apply configuration.
systemctl restart sshd.service
![](https://unixcop.com/wp-content/uploads/2022/01/image-112.png)
As you can see permission is denied for user “waqar”.
Similarly, you can deny access to more than one user using the following command:
DenyUsers user1 user2
Use the following command if you want to deny SSH access to a group:
DenyGroups root
Don’t forget to restart SSH service to apply the configurations.
Disable SSH Root login:
Root user is the most privileged in linux and has complete access to your system. therefore, it is not a good practice to allow SSH for root user.
To disallow SSH access to root user open the SSH configurations file.
nano /etc/ssh/sshd_config
Add/Edit the following line in the file and change it as follows:
PermitRootLogin no
![](https://unixcop.com/wp-content/uploads/2022/01/image-113-1024x593.png)
save and quit the file.
Restart SSH service to apply configurations.
systemctl restart sshd.service