Deny/Allow Access for Users & Groups in OpenSSH

For security purposes many times we required to restrict or allow for SSH access for specific Users or Groups. To make any changes edit OpenSSH configuration file /etc/ssh/sshd_config and do required changes for allowing or denying any user or group.

Allow/Deny Users and Groups:

To allow or deny any user or group on OpenSSH, first edit configuration file/etc/ssh/sshd_config in your favorite editor and do changes as following examples.
1. Deny Users: To restrict for block specific user for SSH on server add the following rules. For example to restrict users raj, john and sarah.
DenyUsers  raj  john  sarah
2. Deny Groups: In place of restricting specific users we can also restrict groups in OpenSSH. For example to restrict support and marketing groups from ssh add following rules.
DenyGroups  support  marketing
3. Allow Users: By default all users are allowed to login to OpenSSH server. But we can specifically allow any user, For example hackthesec and linuxos belongs to support group and we already have restricted that group members. So we can specify that users in Allow users to allow them specifically.
AllowUsers  hackthesec  linuxos
4. Allow Groups: Similarly we can allow all the members of specific group which may be denied in any other group. For example user andrew and peter belongs to marketing group as well as admin group. So we can allow access to both users by allowing admin group.
AllowGroups  admin

Restart OpenSSH:

After doing any changes in configuration file, make sure to restart OpenSSH service as following.
# service sshd restart
# systemd restart sshd

About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment