Deny/Allow Access for Users & Groups in OpenSSH
For security purposes, we often need to restrict or allow SSH access for specific users or groups. To do so, edit the OpenSSH configuration file /etc/ssh/sshd_config and make the required changes to allow or deny any user or group.
Allow/Deny Users and Groups:
To allow or deny any user or group in OpenSSH, first open the configuration file /etc/ssh/sshd_config in your favorite editor and make changes as in the following examples.
1. Deny Users: To block specific users from SSH access to the server, add the following rule. For example, to restrict users raj, john and sarah:
DenyUsers raj john sarah
2. Deny Groups: Instead of restricting specific users, we can also restrict groups in OpenSSH. For example, to restrict the support and marketing groups from SSH, add the following rule.
DenyGroups support marketing
3. Allow Users: By default, all users are allowed to log in to the OpenSSH server, but we can also allow specific users explicitly. For example, hackthesec and linuxos belong to the support group, and we have already restricted that group's members. So we can list those users in AllowUsers to allow them specifically.
AllowUsers hackthesec linuxos
4. Allow Groups: Similarly, we can allow all the members of a specific group who may be denied through another group. For example, users andrew and peter belong to the marketing group as well as the admin group. So we can allow access to both users by allowing the admin group.
AllowGroups admin
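sshd checks these lists in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, and a login has to pass every list that is set. The following added example (not part of the original article) models that order in Python so the combined effect of the four rules above can be checked before restarting sshd; the group memberships are constructed for illustration, Match blocks are not handled, and patterns are limited to plain names and `*`/`?` wildcards.

```python
from fnmatch import fnmatchcase

KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_rules(config_text):
    """Collect the four access lists from sshd_config text (keywords are case-insensitive)."""
    rules = {k: [] for k in KEYS}
    for line in config_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0].lower() in rules:
            rules[fields[0].lower()] += fields[1:]  # repeated lines accumulate
    return rules

def _hit(names, patterns):
    """True if any name matches any pattern (no '!' negation or user@host support)."""
    return any(fnmatchcase(n, p) for n in names for p in patterns)

def decide(user, groups, rules):
    """Return (allowed, reason), checking the lists in sshd's order."""
    if _hit([user], rules["denyusers"]):
        return False, "DenyUsers"
    if rules["allowusers"] and not _hit([user], rules["allowusers"]):
        return False, "not in AllowUsers"
    if _hit(groups, rules["denygroups"]):
        return False, "DenyGroups"
    if rules["allowgroups"] and not _hit(groups, rules["allowgroups"]):
        return False, "not in AllowGroups"
    return True, "allowed"

# The four rules from this article, combined in one file.
PAGE_CONFIG = """
DenyUsers raj john sarah
DenyGroups support marketing
AllowUsers hackthesec linuxos
AllowGroups admin
"""

# Constructed group memberships (assumption), loosely following the article's examples.
MEMBERSHIP = {"raj": ["staff"], "hackthesec": ["support"],
              "andrew": ["marketing", "admin"], "root": ["root"]}

def report(config_text=PAGE_CONFIG, membership=MEMBERSHIP):
    rules = parse_rules(config_text)
    return {u: decide(u, g, rules) for u, g in membership.items()}

if __name__ == "__main__":
    for user, (ok, reason) in report().items():
        print(f"{user:12} {'ALLOW' if ok else 'DENY':5} {reason}")
```

With all four rules in one file, none of the sample accounts can log in: hackthesec is stopped by DenyGroups and andrew by AllowUsers.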
Restart OpenSSH:
After making any changes to the configuration file, make sure to restart the OpenSSH service as follows.
# service sshd restart
or
# systemctl restart sshd