Permit Or Deny SSH Entry To A Specific Person Or Group In Linux

This transient information will stroll you although the steps to permit or deny SSH entry to a specific person or a bunch in Linux. Some time in the past, we mentioned methods to restrict a person’s entry to Linux system utilizing Restricted shell. As soon as we’ve put the customers in restricted mode, they cannot do something besides what they’re allowed to do. It will likely be useful if you need to enable a specific person to execute solely a particular set of instructions. Right here on this article, we’re going to allow or disable SSH entry for an person or group by making just a few adjustments in SSH default configuration file.

Permit Or Deny SSH Entry To A Specific Person Or Group In Linux

The openSSH default configuration file has two directives for permitting and denying SSH entry to a specific person(s) or a bunch. First, allow us to see methods to enable or allow SSH entry to an person and group. Please observe that every one instructions given under ought to be run as root or sudo person.

1. Permit SSH Entry to a person or group

To permit SSH entry for a specific person, for instance sk, edit sshd_config file:

$ sudo vi /and many others/ssh/sshd_config

Press “i” to enter into insert mode and add or modify the next line:

AllowUsers sk

Edit ssh configuration file to permit ssh entry to specific person

Change “sk” along with your username. Please thoughts the area indentation between “AllowUsers” and “sk”. It is best to use Tab as an alternative of House-bar. That means – add the phrase “AllowUsers” and hit the Tab key after which specify the username.

You can even specify multiple person as proven under.

AllowUsers user1 user2

To permit a complete group, say for instance root, add/edit the next line:

AllowGroups root

This setting will enable all of the members of the “root” group to ssh to the Linux server.

Press ESC key to exit insert mode and sort :wq to save lots of and give up the SSH config file. Restart SSH service to take impact the adjustments.

$ sudo systemctl restart sshd

Now, the person sk and all of the members of the “root” group are allowed to ssh into your Linux server. The opposite customers (besides sk and members of “root” group) are usually not allowed to entry the system through ssh.

To confirm it, attempt to ssh into the Linux server as any one of many non-allowed person:

$ ssh [email protected]

You’ll get the next error message:

[email protected]’s password:
Permission denied, please attempt once more.

SSH entry permission denied

2. Deny SSH Entry to a person or group

To disable or deny SSH entry to an person or group, it’s essential add/modify the next directives in your distant server’s sshd_config file.

DenyUsers
DenyGroups

To disclaim SSH entry to particular person referred to as “sk”, edit sshd_config file:

$ sudo vi /and many others/ssh/sshd_config

Add/edit the next line in sshd_config file.

DenyUsers sk

Ensure the area indention is appropriate. Do not use House-bar. Press Tab key and add the username.

Equally, to disclaim SSH entry to a number of customers, specify the usernames with area separated as proven under.

DenyUsers user1 user2

Likewise, to disclaim SSH entry to a complete group, for instance root, add:

DenyGroups root

Save and give up the ssh config file. Restart ssh service to take impact the adjustments.

$ sudo systemctl restart sshd

Now attempt to ssh to your Linux machine from blocked person account, for instance sk:

$ ssh [email protected]

You’ll get the next message:

[email protected]’s password:
Permission denied, please attempt once more.
[email protected]’s password:

3. Disable SSH Root Login

Root ssh entry is taken into account a foul follow when it comes to safety. So it’s strongly advisable to disable SSH Root person login to safe your system.

To disable root ssh login, edit sshd_config file:

$ sudo vi /and many others/ssh/sshd_config

Discover the next line, Uncomment it, and set the worth to no.

PermitRootLogin no

Restart SSH service to take impact the adjustments instantly:

$ sudo systemctl restart sshd

You recognize now methods to grant and prohibit SSH entry to sure person(s) or a bunch in Linux. You additionally discovered methods to deny or disable SSH root login in Linux. It’s certainly one of advisable safety follow each Linux admin ought to implement when organising a Linux server.

Associated learn: