SSH is easily the most used service when it comes to Linux server. With SSH, we can easily connect to a Linux system remotely with ease. And since it’s used so often & installed on almost all the Linux distribution, its can also be a target to gain unwanted/illegal access. So we must ensure that our ssh sessions are secured.

We have already discussed on our article “Ultimate guide for securing ssh sessions” about how we can secure our ssh sessions. In this tutorial, we will discuss in detail about how we can restrict ssh access for some users and groups to help secure our ssh sessions.

(Recommended Read: Setting up SSH Server for Public/Private keys based Authentication (Password-less login))

(Also Read: Files transfer using scp & rsync commands)


Restrict ssh Access

Allowing ssh access to user & group

If we want to give access to ssh for only some users, we can do so. We need to edit the ssh configuration file ‘/etc/ssh/sshd_config’ & add the parameter ‘AllowUsers’ to it. Below mentioned is an example.

$ vi /etc/ssh/sshd_config

& edit the parameter ‘AllowUsers’ with the user you need to give ssh access,

AllowUsers dan

If you need to give access to multiple users, add all the usernames with a space in between,

AllowUsers dan susan testuser

Now if need to allow a group rather than a user, than we need to edit the parameter ‘AllowGroups’ in the same file i.e. ‘/etc/ssh/sshd_config’,

AllowGroups ssh_users test_group

Once the file has been edited, save the file & exit. Now restart the ssh service to implement the changes made to the file,

$ systemctl restart sshd

Now if we try to access ssh from a user that is not mentioned in the configuration file, we will get ‘Permission Denied’ error.


Denying ssh access to users or groups

If we have a good number of users that access a server using ssh and very low number of users that are not allowed to access the ssh access to server, than it’s wise that we deny access to users to user/group rather than allowing access for a number of users.

We will again use the same configuration file ‘/etc/ssh/sshd_config’ for denying access to the server. To deny access to users, we will ‘DenyUsers’ parameter,

$ vi /etc/ssh/sshd_config

& edit the following line,

DenyUsers dan

We can also mention other user to deny access, like we did above to allow access. Similarly, we can also deny access to group with the parameter ‘DenyGroups’,

DenyGroups ssh_users test_group

Once changes have been made to the file, make sure to restart the ssh service to implement the changes made.

With this we end our tutorial on how to restrict ssh access for users & groups. Please feel free to send any query or question you have using the comment box below.

If you think we have helped you or just want to support us, please consider these :-

Connect to us: Facebook | Twitter | Google Plus

Donate us some of your hard earned money: [paypal-donation]

Linux TechLab is thankful for your continued support.