KarkomaOnline

Did you know that OpenSSH allows you to restrict users from accessing your machine?

By default, OpenSSH allows logins for anyone with a shell and valid password. Imagine a mail server where mail users have a system account. If you would like to deny access to some of them, OpenSSH provides a means of doing so.

Simply edit /etc/sshd_config (the main OpenSSH server configuration file) and add the following:

DenyUsers username1 username2

or

AllowUsers preferred_user1 preferred_user2

You could also restrict access to a particular user and host:

DenyUsers username@host

You could even control access based on groups:

AllowGroups admins

References:

• man sshd_config

This entry was posted on Friday, August 29th, 2003 at 6:23 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.