Limit the user accounts that can connect through OpenSSH remotely
Limit OpenSSH users
How to limit the user accounts that can connect through ssh remotely
- Note: When you initially enable the SSH server, any user with a valid account can connect remotely. This can lead to security risks because password cracking tools exist that try common username/password pairs. This method helps restrict login access.
- Keep a backup of the ssh server configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
- Edit the configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/ssh/sshd_config
- Change the parameter:
This disallows the root user from connecting through SSH remotely.
- Add the parameter:
AllowUsers <user1> <user2> ...
and specify the usernames (space separated) that can connect remotely.
NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith).
- You can also use:
DenyUsers <user1> <User2> ...
and specify, again using wildcards, users restricted from using SSH.
- If you enable the OpenSSH server and you do not wish to enable any remote connections, you may add: