Limit the user accounts that can connect through OpenSSH remotely


Jump to: navigation, search

Limit OpenSSH users

How to limit the user accounts that can connect through ssh remotely

  • Note: When you initially enable the SSH server, any user with a valid account can connect remotely. This can lead to security risks because password cracking tools exist that try common username/password pairs. This method helps restrict login access.
  • Keep a backup of the ssh server configuration file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.ORIGINAL
  • Edit the configuration file (use the gedit text editor instead of kate if using Ubuntu instead of Kubuntu):
sudo kate /etc/ssh/sshd_config
  • Change the parameter:
PermitRootLogin no

This disallows the root user from connecting through SSH remotely.

  • Add the parameter:
AllowUsers <user1> <user2> ...

and specify the usernames (space separated) that can connect remotely.

NOTE: This will allow ONLY the users specified to connect. You may use wildcards here (example: j* will allow jsmith to connect but not fsmith).

  • You can also use:
DenyUsers <user1> <User2> ...

and specify, again using wildcards, users restricted from using SSH.

  • If you enable the OpenSSH server and you do not wish to enable any remote connections, you may add:
AllowUsers nosuchuserhere
Personal tools