Setup user login restrictions with SSH

by Ryan on February 4, 2009

At times it is necessary to restrict which users can access a certain host. If your network relies on SSH, this is as simple as changing an option in the sshd_config configuration file. You will of course need root access to make the necessary changes to this file and then restart the SSH daemon.

This configuration file is usually located here.
/etc/ssh/sshd_config

Open the file as root in order to make changes.

$ sudo vim /etc/ssh/sshd_config

You need to set the AllowUsers keyword followed by the users you want to have access to the machine.

AllowUsers	ryan joe

If you want to do something more complex, here is the relevant entry from the man page:

AllowUsers
This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. ‘*’ and ‘?’ can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts.

It is also helpful to set PermitRootLogin to ‘no’ so that the root account is inaccessible over SSH.

PermitRootLogin  no

When these settings have been changed, go ahead and restart the SSH daemon.

$ sudo /etc/init.d/sshd restart

There are of course ways around this if other users have access to sudo or the root account. But for the most part it is a good way to restrict user access.
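
The AllowUsers matching rules from the man page excerpt above, combined with PermitRootLogin, worked through as an added example (not code from the original post or from OpenSSH). It implements only what the excerpt describes: the '*' and '?' wildcards and the USER@HOST form. The sample config, the function names and the assumption that the caller passes the client host as a single string are all constructed for illustration.

```python
import re

# Constructed sshd_config fragment (not from a real host): the post's two
# settings plus USER@HOST patterns of the kind the man page excerpt describes.
SAMPLE_CONFIG = """\
# constructed example
PermitRootLogin no
AllowUsers ryan joe backup@10.0.0.? dev*@*.example.org
"""

def glob_match(pattern, value):
    """Match with only the two wildcards the excerpt names: '*' and '?'."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None

def parse_config(text):
    """Return (AllowUsers patterns, PermitRootLogin value or None)."""
    patterns, root_login = [], None
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()          # keywords are case-insensitive
        if keyword == "allowusers":
            patterns.extend(fields[1:])
        elif keyword == "permitrootlogin" and root_login is None and len(fields) > 1:
            root_login = fields[1]
    return patterns, root_login

def login_allowed(config, user, host):
    """Would this sketch admit `user` connecting from `host`?"""
    patterns, root_login = config
    if user == "root" and root_login == "no":
        return False
    if not patterns:                         # no AllowUsers: all users allowed
        return True
    for pattern in patterns:
        if "@" in pattern:                   # USER and HOST checked separately
            user_pat, host_pat = pattern.split("@", 1)
            if glob_match(user_pat, user) and glob_match(host_pat, host):
                return True
        elif glob_match(pattern, user):
            return True
    return False

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for user, host in [("ryan", "203.0.113.5"), ("alice", "203.0.113.5"),
                       ("backup", "10.0.0.7"), ("backup", "10.0.0.77"),
                       ("root", "10.0.0.7")]:
        print(f"{user}@{host}: {'allow' if login_allowed(cfg, user, host) else 'deny'}")
```

Running the same check against your own account name before restarting the daemon shows whether the new AllowUsers line would lock you out. On a live host, `sshd -t` tests the configuration file for validity without starting the daemon.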
