Allow/Deny Specific Users to Login via SSH on Ubuntu 18.04

|
Last Updated:
|
|

Hello there, today we are going to learn how to allow/deny specific users to login via SSH on Ubuntu 18.04 system.

Allow/Deny Specific Users to Login via SSH on Ubuntu 18.04

  • Allow Specific Users to Login via SSH on Ubuntu 18.04

    In order to allow specific users or a specific group of users to login to an Ubuntu 18.04 system via SSH, AllowUsers or AllowGroups options can be used in SSH daemon configuration file, /etc/ssh/sshd_config.

    For example, to allow users, amos and admin to login, edit the SSHd configuration file  and add the line below;

    vim /etc/ssh/sshd_config
    ...
    AllowUsers amos admin

    Once changes are made, restart SSH.

    systemctl restart ssh

    Now, if you try to login as any other user apart from the two allowed above, you should get permission denied.

    ssh [email protected]
    [email protected]'s password: <Password>
    Permission denied, please try again.

    If you check authentication logs, it states clearly;

    Mar 27 19:46:07 u18svr sshd[886]: User mibey from 192.168.0.101 not allowed because not listed in AllowUsers

    To allow a specific group of users to login, you would add the following line to SSHd configuration file;

    AllowGroups administrators

    This will allow only the members of the administrators group login

    getent group administrators
    administrators:x:1004:admin,mibey

    If you try to login as a user who is not a member of the administrators group, you will get permission denied.

    ssh [email protected]
    [email protected]'s password:
    Permission denied, please try again
  • Deny Specific Users to Login via SSH on Ubuntu 18.04

    Similarly, to deny a specific user from logging in via SSH, you simply use the DenyUsers or DenyGroups option with a list of users or groups to deny access respectively.

    DenyUsers amos mibey

    If you try to login as any of the above users, you will get permission denied.

    To deny a group of users, say the administrator group whose members are admin and mibey, you would add the following line to SSHd configuration file.

    DenyGroups administrators

Remember to reload SSH whenever you make any changes.

Great, that is all about how to allow/deny specific users to login via SSH on Ubuntu 18.04 system. Enjoy

SUPPORT US VIA A VIRTUAL CUP OF COFFEE

We're passionate about sharing our knowledge and experiences with you through our blog. If you appreciate our efforts, consider buying us a virtual coffee. Your support keeps us motivated and enables us to continually improve, ensuring that we can provide you with the best content possible. Thank you for being a coffee-fueled champion of our work!

Photo of author
koromicha
I am the Co-founder of Kifarunix.com, Linux and the whole FOSS enthusiast, Linux System Admin and a Blue Teamer who loves to share technological tips and hacks with others as a way of sharing knowledge as: "In vain have you acquired knowledge if you have not imparted it to others".

1 thought on “Allow/Deny Specific Users to Login via SSH on Ubuntu 18.04”

  1. if I want to allow user to remote via SSH but only for specific folder e.g. folder web1 inside home. He only can access that folder not the root or another system folder. How to make the configuration?

    Reply

Leave a Comment