How to limit ssh access to specific users or groups

posted on may 6, 2008 in howto, linux with 1 comment 
Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced.
Fortunately this can be easily done with openSSH. Just edit the /etc/ssh/sshd_config file and add the desired directives shown below. You don’t need them all, just use what suits you needs.
openSSH provides 4 directives, AllowUsers, AllowGroups, DenyUsers and DenyGroups
AllowUsers buddy john doe

Only users buddy, john and doe will be able to log in via ssh.
AllowGroups sysadmin bkpadmin

Only users within groups sysadmin and bkpadmin will be able to log in via ssh.
DenyUsers rambo tina

This is the opposite of AllowUsers. All users except for rambo and tina will be able to log in via ssh.
DenyGroups hr payroll

This is the opposite of AllowGroups. All groups except for hr and payroll will be able to log in via ssh.

你可能感兴趣的:(linux,ssh,Security,Access)