How to Deny/Allow Access for Users & Groups in OpenSSH

For security reasons, we often need to restrict or allow SSH access for specific users or groups. OpenSSH has two directives for allowing and denying SSH user access.

To make any changes, edit the OpenSSH configuration file /etc/ssh/sshd_config and make the required changes to allow or deny any user or group on your Linux or Unix-based servers.

Allow/Deny Users and Groups:

To allow or deny any user or group in OpenSSH, edit the configuration file /etc/ssh/sshd_config in your favorite editor and make the changes given below.

1. Deny Users: To block specific users from SSH access to the server, add the following rule.

For example, to restrict the users Norman, John and Sarah:

DenyUsers Norman John Sarah

2. Deny Groups: We can also restrict groups in OpenSSH. For example, to block the support and NOC groups from SSH, add the following rule.

DenyGroups support NOC

3. Allow Users: By default, all users are allowed to log in to the OpenSSH server, but we can specifically allow individual users. For example, shawn and max belong to the support group, whose members we have already restricted, so we can list those users in AllowUsers.

AllowUsers shawn max

4. Allow Groups: Similarly, we can allow all the members of a specific group who may be denied through another group. For example, the users austin and james belong to the NOC group as well as the admin group, so we can allow access to both users by allowing the admin group.

AllowGroups admin
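
To see what a combination of these directives admits, the following added example (not part of the original page or of OpenSSH itself) models the order in which sshd applies them: DenyUsers, AllowUsers, DenyGroups, AllowGroups, where a login must pass every directive that is set. It assumes plain names with only * and ? wildcards and ignores Match blocks; the group memberships passed to check() are constructed.

```python
import re
KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse(config_text):
    """Collect patterns of the four directives from the global section."""
    rules = {key: [] for key in KEYS}
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        keyword = words[0].lower()            # keywords are case-insensitive
        if keyword == "match":                # Match blocks are not modelled
            break
        if keyword in rules:
            rules[keyword].extend(words[1:])  # repeated lines accumulate
    return rules

def matches(patterns, name):
    """True if name matches a pattern ('*' and '?' only; assumption:
    sshd's negation and USER@HOST forms are not modelled)."""
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, name):
            return True
    return False

def check(rules, user, groups):
    """Return (allowed, deciding directive), testing in sshd's order."""
    if matches(rules["denyusers"], user):
        return False, "DenyUsers"
    if rules["allowusers"] and not matches(rules["allowusers"], user):
        return False, "AllowUsers"
    if any(matches(rules["denygroups"], g) for g in groups):
        return False, "DenyGroups"
    in_allowed = any(matches(rules["allowgroups"], g) for g in groups)
    if rules["allowgroups"] and not in_allowed:
        return False, "AllowGroups"
    return True, "allowed"

# The four lines from this page combined; group memberships are constructed.
SAMPLE = """\
DenyUsers Norman John Sarah
DenyGroups support NOC
AllowUsers shawn max
AllowGroups admin
"""
RULES = parse(SAMPLE)
if __name__ == "__main__":
    for user, groups in [("shawn", ["support"]), ("austin", ["NOC", "admin"])]:
        print(user, groups, check(RULES, user, groups))
```

Once any AllowUsers or AllowGroups line is present, every account not matched by it is refused, so check the account you administer the server with before restarting sshd.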

Restart OpenSSH:

Once all changes are complete, make sure to restart the OpenSSH service as follows.

# service sshd restart
or
# systemctl restart sshd