DENY AND ALLOW USERS IN OPENSSH

By default, OpenSSH allows logins for anyone with a valid password and shell. However, on a Linux system with numerous system accounts, this can be problematic. Imagine that you're running a mail server, where each mail user has a system account. If you set up an e-mail account for a friend, you may unwittingly give him or her shell access to the system.

Fortunately, OpenSSH can resolve this issue. Use your favorite editor to open the /etc/ssh/sshd_config file, which is the master OpenSSH server configuration. At the end of the file, you can add statements to fine-tune

    DenyUsers username

Replace username with the name of your friend. This tells OpenSSH to disallow any logins for username, regardless of whether he or she gets the password right. OpenSSH will take the username and password but will return with an incorrect login prompt.

If you want to deny access to several users, use the inverse to deny everyone and then specify access to one or more accounts:

    AllowUsers username

This allows only the user named username access to log in to the Linux server. No one else will have access. Use as many AllowUsers or DenyUsers keywords as you need to tighten the access controls on the system.
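To see how the two keywords combine before restarting the server, the following added example (not part of the original page) reads the DenyUsers and AllowUsers lines from an sshd_config and reports which local accounts would be let in. It assumes plain user-name patterns in the global section only (no USER@HOST forms, negation or Match blocks); the sample config, the passwd entries and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONFIG = """\
DenyUsers friend
AllowUsers admin deploy*
allowusers backup
"""
SAMPLE_PASSWD = """\
admin:x:1000:1000::/home/admin:/bin/bash
friend:x:1001:1001::/home/friend:/bin/bash
deploy01:x:1002:1002::/home/deploy01:/bin/sh
backup:x:1003:1003::/home/backup:/bin/bash
mailuser:x:1004:1004::/home/mailuser:/bin/bash
"""

def parse_user_rules(config_text):
    """Collect global DenyUsers/AllowUsers patterns; repeated lines accumulate."""
    rules = {"denyusers": [], "allowusers": []}
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()  # sshd_config keywords are case-insensitive
        if keyword == "match":
            break  # conditional Match blocks are out of scope here
        if keyword in rules:
            if any("@" in p or p.startswith("!") for p in words[1:]):
                raise ValueError("USER@HOST and negated patterns are not handled")
            rules[keyword] += words[1:]
    return rules

def _matches(user, patterns):
    # sshd patterns: '*' matches any run of characters, '?' exactly one
    regexes = ("".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in p)
               for p in patterns)
    return any(re.fullmatch(rx, user) for rx in regexes)

def ssh_login_permitted(user, rules):
    """DenyUsers is checked first; a non-empty AllowUsers then excludes everyone else."""
    if _matches(user, rules["denyusers"]):
        return False
    return not rules["allowusers"] or _matches(user, rules["allowusers"])

def audit(config_text, passwd_text):
    rules = parse_user_rules(config_text)
    names = [line.split(":")[0] for line in passwd_text.splitlines() if line.strip()]
    return {name: ssh_login_permitted(name, rules) for name in names}
```

Calling audit(SAMPLE_CONFIG, SAMPLE_PASSWD) reports friend and mailuser as refused and the other three accounts as permitted, which shows that a single AllowUsers line locks out every account it does not name.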