Allowing Secured Shell (SSH) remote login is a security risk for your system as it open up your computer to a host of malicious activities. One way to reduce the risk is to disallow root login from SSH, but that is not enough if there are a lot of users in your system and you only want a few of them to be able to login remotely to your server.
This post will detail how to allow or restrict certain users from SSH-ing to your server by editing /etc/ssh/sshd_config file.
DenyUsers / AllowUsers
Is used to allow or deny a number of users.
Usage:
#/etc/ssh/sshd_config
DenyUsers tom bob alice
AllowUsers mypapit johnmoffet
DenyGroups / AllowGroups
#/etc/ssh/sshd_config
DenyGroups users ftpusers
AllowGroups wheel developers
Ensure that the file is properly saved and restart sshd server for the changes to take effect!
Recommended Books for Secured Shell (SSH) Security
- Implementing SSH: Strategies for Optimizing the Secure Shell
- SSH, The Secure Shell: The Definitive GuidePro OpenSSH (Expert’s Voice in Open Source)