22

I have testuser and I want that user to be able log-in locally, but not via ssh. How can I implement that?

Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497

2 Answers2

39

Put DenyUsers user1 user2 user3 in /etc/ssh/sshd_config

Artyom
  • 1,723
16

Artyom answer is correct. I'd just like to point that there is also the possibility to opt for a 'white-list' approach instead of the 'black-list' one by putting a line like this in /etc/ssh/sshd_config:

AllowUsers AuthorizedUser1 AuthorizedUser2

and reloading ssh service (service ssh restart)

Then every other user will be denied ssh access (be careful not to lock yourself out ;-) )

e-Jim
  • 261
  • you can also make access tighter even more by AllowUser AuthorizedUser1@[ip-address] I believe. This should only allow that specific user when coming from the mentioned IP address – vrms Apr 05 '19 at 20:28