Deny SSH access to particular users

We all know SSH is very famous and the best service for remote access.

Today I am going to tell you how to block or allow only particular users or group from SSH access.

open sshd_config file as per your environment

in Debian

vim /etc/ssh/sshd_config


Then add below line to enable access for only below users

AllowUsers username1 username2


to deny access for only below users add a line as

DenyUsers username1 username2


as in the same way

AllowGroups group1 group2


and to deny groups

DenyGroups group1 group2


 But there is something very important you have to follow here. It is the order of mentioning.

From manpage of SSH 

The allow/deny directives are processed in the following
      order: DenyUsers, AllowUsers, DenyGroups, and finally
      AllowGroups.

So first mention DenyUsers and then AllowUsers then only it will works and same for DenyGroups and AllowGroups

Hope it helps.



0 comments:

Post a Comment