
How to Deny SSH Access to Users or Groups

Secure Shell (SSH) is one of the most common ways for users to access remote systems. System administrators often need to manage user access to their systems. Sometimes they need to block or revoke SSH access to users or groups. In this article, we will learn how to deny SSH access to users or groups in Linux. You can easily enable or disable SSH access to users or groups by making a few small changes to SSH configuration.



Here are the steps to deny SSH access to users or groups.


1. Deny SSH Access to Users or Groups

To block or revoke SSH access to users or groups you need to modify SSH configuration. Open SSH configuration in vi editor.

$ sudo vi /etc/ssh/sshd_config

Let us say you want to deny access to user test_user. In such case, add the following line to the SSH configuration file.

DenyUsers test_user

If you want to block SSH access to multiple users test_user1 and test_user2, mention them one after the other in a tab/space separated manner.

DenyUsers test_user1 test_user2

If you want to deny access to the user group gp1, use the DenyGroups directive.

DenyGroups gp1

If you want to deny SSH access to multiple groups gp1, gp2, etc. add them in a space separated manner one after the other.

DenyGroups gp1 gp2

Save and close the file. Restart SSH service to apply changes.

$ sudo systemctl restart sshd

Now if you try to log in as a blocked user, or as a member of a blocked group, you will get the following message.

Permission denied, please try again.


2. Disable SSH Root Login

By default, SSH root login is allowed. This is considered bad security practice, because an unauthorized person or application that manages to log in as root can completely compromise your system. So it is advisable to disable root SSH login.

For this purpose, open SSH configuration file.

$ sudo vi /etc/ssh/sshd_config

Find PermitRootLogin and set its value to no.

PermitRootLogin no

Save and close the file. Restart SSH server to apply changes.

$ sudo systemctl restart sshd


3. Allow SSH Access to Users or Groups

If you want to allow SSH access to users or groups, open SSH configuration file in text editor.

$ sudo vi /etc/ssh/sshd_config

If you want to allow SSH access to user test_user, add the following directive in your SSH configuration file.

AllowUsers test_user

If you want to allow access to multiple users test_user1, test_user2, then mention them one after the other in the AllowUsers directive.

AllowUsers test_user1 test_user2

If you want to allow SSH access to group gp1, use the AllowGroups directive.

AllowGroups gp1

Similarly, if you want to allow SSH access to multiple groups gp1, gp2, etc., list them one after the other in a space separated manner.

AllowGroups gp1 gp2

Save and exit the file. Restart SSH Server to apply changes.

$ sudo systemctl restart sshd

Now you should be able to log in over SSH using the following command.

$ ssh user@hostname_or_ip
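
The deny and allow directives interact: sshd checks DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups, and once an Allow list exists every account not on it is refused. The script below is an added example, not part of the original article; it models that order on a constructed configuration, its function names are illustrative, and it ignores Match blocks and USER@HOST or negated patterns.

```shell
#!/bin/sh
# Added example: predict sshd's decision for a user from the DenyUsers,
# AllowUsers, DenyGroups and AllowGroups lines of an sshd_config-style file.
# Assumptions: no Match blocks, no USER@HOST or "!" negated patterns.

# Print every argument of one keyword. Keywords are case-insensitive and
# repeated lines accumulate.
directive_values() {   # $1 = config file, $2 = keyword
    awk -v kw="$2" 'tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if any name in $2 matches any pattern in $1 (* and ? are wildcards).
matches_any() (
    set -f   # keep the patterns from expanding against file names
    for p in $1; do
        for n in $2; do
            case $n in $p) exit 0 ;; esac
        done
    done
    exit 1
)

# Print "allow" or "deny: <reason>", checking the lists in sshd's order.
ssh_access_decision() (   # $1 = config file, $2 = user, $3 = user's groups
    du=$(directive_values "$1" DenyUsers);  au=$(directive_values "$1" AllowUsers)
    dg=$(directive_values "$1" DenyGroups); ag=$(directive_values "$1" AllowGroups)
    if matches_any "$du" "$2"; then echo "deny: DenyUsers"; exit 0; fi
    if [ -n "$au" ] && ! matches_any "$au" "$2"; then echo "deny: not in AllowUsers"; exit 0; fi
    if matches_any "$dg" "$3"; then echo "deny: DenyGroups"; exit 0; fi
    if [ -n "$ag" ] && ! matches_any "$ag" "$3"; then echo "deny: not in AllowGroups"; exit 0; fi
    echo "allow"
)

# Constructed sample configuration using the article's user and group names.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real host
DenyUsers test_user
allowgroups gp1 gp2
EOF
ssh_access_decision "$sample" test_user  "gp1"    # deny: DenyUsers
ssh_access_decision "$sample" test_user1 "gp2"    # allow
ssh_access_decision "$sample" test_user2 "staff"  # deny: not in AllowGroups
rm -f "$sample"
```

On a real host, `sudo sshd -t` checks the edited file for syntax errors before the restart, and keeping the current session open until a fresh login succeeds avoids locking yourself out.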

In this article, we have learnt how to deny or block SSH access to users and groups in Linux.
