How to block specific username from ssh?

Question

I have testuser and I want that user to be able log-in locally, but not via ssh. How can I implement that?

score 39 · Accepted Answer · answered Nov 24 '16 at 19:28

39

Put DenyUsers user1 user2 user3 in /etc/ssh/sshd_config

answered Nov 24 '16 at 19:28

Artyom

1,723

score 16 · Answer 2 · answered Nov 25 '16 at 13:18

16

Artyom answer is correct. I'd just like to point that there is also the possibility to opt for a 'white-list' approach instead of the 'black-list' one by putting a line like this in /etc/ssh/sshd_config:

AllowUsers AuthorizedUser1 AuthorizedUser2

and reloading ssh service (service ssh restart)

Then every other user will be denied ssh access (be careful not to lock yourself out ;-) )

answered Nov 25 '16 at 13:18

e-Jim

261

you can also make access tighter even more by AllowUser AuthorizedUser1@[ip-address] I believe. This should only allow that specific user when coming from the mentioned IP address – vrms Apr 05 '19 at 20:28

How to block specific username from ssh?

2 Answers2

Linked

Related