waqar
waqar
I am an Electrical Engineer. Linux Geek, DevOps, VOIP and Asterisk is my thing :)

Allow/Deny SSH Access To a Particular User Or Group In Linux

- Advertisement -

In this article we will be allowing or denying SSH access to a particular user or Group by making a few changes in SSH Configuration file.

First, we will see how to allow or enable SSH access to a user and group. Please note that all commands given below should be run as root or sudo user.

 Allow SSH access to a user or group:

To allow SSH access for a particular user, let say waqar edit the “sshd_config” file as follows:

nano /etc/ssh/sshd_config

modify the following line:

AllowUsers waqar
systemctl restart sshd.service

Now you can login from user “waqar”.

You can also allow more than one user using the following format:

AllowUsers user1 user2
- Advertisement -

Similarly, to grant SSH access to a whole group root use the following command:

AllowGroups root

Keep in mind that to apply the changes you must restart ssh service.

Deny SSH access to a user or group

Now, to deny SSH access to a user in this example we will use user waqar use the following command:

nano /etc/ssh/sshd_config

Add the following line;

DenyUsers waqar
SSH Access in Linux

restart the ssh service to apply configuration.

systemctl restart sshd.service

As you can see permission is denied for user “waqar”.

Similarly, you can deny access to more than one user using the following command:

DenyUsers user1 user2

Use the following command if you want to deny SSH access to a group:

DenyGroups root

Don’t forget to restart SSH service to apply the configurations.

Disable SSH Root login:

Root user is the most privileged in linux and has complete access to your system. therefore, it is not a good practice to allow SSH for root user.

To disallow SSH access to root user open the SSH configurations file.

nano /etc/ssh/sshd_config

Add/Edit the following line in the file and change it as follows:

PermitRootLogin no

save and quit the file.

Restart SSH service to apply configurations.

systemctl restart sshd.service

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest articles

Join us on Facebook

x