Q. How do I limit what users can log onto a my Linux server system via OpenSSH / SSHD server?
A. OpenSSH server allows to specify usernames for login. According to man page syntax is as follows::
AllowUsers user1 user2
AllowUsers keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. * and ? can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pattern takes the form [email protected] then USER and HOST are separately checked, restricting logins to particular users from particular hosts.
Step # 1: Open sshd_config file
# vi /etc/ssh/sshd_config
Step # 2: Add a user
Only allow user vivek to login by adding following line:
Step # 3: Restart sshd
Save and close the file. In the above example, user vivek has already been created on the system. Now just restart sshd:
# /etc/init.d/sshd restart
You can also use –
Linux PAM configuration that allows or deny login via the sshd server