Wednesday, February 24, 2010

Prevent users from logging into your system using SSH

Preventing access to the SSH server:

The best and most secure practice of running an SSH server is to tighten the hatches as much as possible. In this example, I will show you how to edit your sshd_config file and allow only certain users (except “joe”) to access the system via SSH. Now, lets say that you want to prevent the user “joe” from logging into SSH, but you still want him to be able to access the machine via FTP. Here is what you would do:

Edit /etc/ssh/sshd_config
Ex: vim /etc/ssh/sshd

Add a line that says AllowUsers
Ex: AllowUsers adamk tim sean jacob dave

Note that joe is not included here.
Save the sshd_config file.
Restart your sshd daemon.

Another (quick) way to do this in one simple command is:
echo “AllowUsers adamk tim sean jacob dave” >> /etc/sshd/sshd_config

No comments: