By default, every user and group can connect to the SSH server. To secure the SSH server, we should state explicitly which users or groups can connect. To do this, edit the /etc/ssh/sshd_config file and list the allowed users and groups as required.
Once these directives are set, only the allowed users or groups can log in. Users or groups listed in the Deny directives are not allowed to log in.
AllowGroups SSH_lan_dc1 SSH_lan_dc2
AllowUsers Ravinder Deepak Gaurav
DenyUsers Vijay tommy
DenyGroups sftp_dc1 sftp_dc2
These directives are used to allow and deny groups or users.
AllowGroups -- This keyword can be followed by a list of group name patterns, separated by spaces. Login is allowed only for users whose primary group or supplementary group list matches one of the patterns.
AllowUsers -- Lists the users, separated by spaces, who are allowed to log in.
DenyGroups -- This keyword can be followed by a list of group name patterns, separated by spaces. Login is disallowed only for users whose primary group or supplementary group list matches one of the patterns.
DenyUsers -- Lists the users, separated by spaces, who are not allowed to log in.
You need to restart the sshd service after editing /etc/ssh/sshd_config:
# service sshd restart
Stopping sshd: [ OK ]
Starting sshd:
Now only the users listed in AllowUsers and the users of the groups listed in AllowGroups can log in.
Note: There is no benefit in specifying AllowGroups and DenyGroups at the same time, because once AllowGroups is set all other groups are denied automatically. The same rule applies to AllowUsers as well.
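sshd_config(5) documents that these directives are processed in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, and a login has to pass every one that is set. The Python model below is an added example, not part of the original post: it applies that order to the configuration shown above, the accounts and group memberships are constructed, and only the * and ? wildcards are modelled (USER@HOST entries and other pattern syntax are not handled).

```python
import re

# Constructed input: the four directives from the configuration shown above.
SSHD_CONFIG = """\
AllowGroups SSH_lan_dc1 SSH_lan_dc2
AllowUsers Ravinder Deepak Gaurav
DenyUsers Vijay tommy
DenyGroups sftp_dc1 sftp_dc2
"""
ORDER = ("denyusers", "allowusers", "denygroups", "allowgroups")  # per sshd_config(5)

def parse_acl(text):
    """Collect the four lists; keywords are case-insensitive, repeats accumulate."""
    acl = {key: [] for key in ORDER}
    for line in text.splitlines():
        words = line.split()
        if words and not words[0].startswith("#") and words[0].lower() in acl:
            acl[words[0].lower()].extend(words[1:])
    return acl

def matches(name, patterns):
    """True if name matches any pattern ('*' and '?' wildcards only)."""
    return any(re.fullmatch(re.escape(p).replace(r"\*", ".*").replace(r"\?", "."), name)
               for p in patterns)

def decide(acl, user, groups):
    """Return (allowed, directive that refused the login) for a user and their groups."""
    if matches(user, acl["denyusers"]):
        return False, "DenyUsers"
    if acl["allowusers"] and not matches(user, acl["allowusers"]):
        return False, "AllowUsers"
    if any(matches(g, acl["denygroups"]) for g in groups):
        return False, "DenyGroups"
    if acl["allowgroups"] and not any(matches(g, acl["allowgroups"]) for g in groups):
        return False, "AllowGroups"
    return True, None

# Constructed accounts: user -> primary and supplementary groups.
ACCOUNTS = {
    "Ravinder": ["Ravinder", "SSH_lan_dc1"],  # passes all four checks
    "Deepak": ["Deepak"],                     # in AllowUsers, but in no allowed group
    "Gaurav": ["SSH_lan_dc2", "sftp_dc1"],    # allowed user who is also in a denied group
    "Vijay": ["SSH_lan_dc1"],                 # denied user inside an allowed group
    "amit": ["SSH_lan_dc1"],                  # allowed group, but not in AllowUsers
}

if __name__ == "__main__":
    for user, groups in ACCOUNTS.items():
        print(user, decide(parse_acl(SSHD_CONFIG), user, groups))
```

On a real host, sshd -T prints the effective configuration, including these four lists, so the result can be compared with what the server actually loaded.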