Allow/Deny Specific Users to Login via SSH on Ubuntu 18.04

1
6442

Hello there, today we are going to learn how to allow/deny specific users to login via SSH on Ubuntu 18.04 system.

Allow/Deny Specific Users to Login via SSH on Ubuntu 18.04

  • Allow Specific Users to Login via SSH on Ubuntu 18.04

    In order to allow specific users or a specific group of users to login to an Ubuntu 18.04 system via SSH, AllowUsers or AllowGroups options can be used in SSH daemon configuration file, /etc/ssh/sshd_config.

    For example, to allow users, amos and admin to login, edit the SSHd configuration file  and add the line below;

    vim /etc/ssh/sshd_config
    ...
    AllowUsers amos admin

    Once changes are made, restart SSH.

    systemctl restart ssh

    Now, if you try to login as any other user apart from the two allowed above, you should get permission denied.

    ssh [email protected]
    [email protected]'s password: <Password>
    Permission denied, please try again.

    If you check authentication logs, it states clearly;

    Mar 27 19:46:07 u18svr sshd[886]: User mibey from 192.168.0.101 not allowed because not listed in AllowUsers

    To allow a specific group of users to login, you would add the following line to SSHd configuration file;

    AllowGroups administrators

    This will allow only the members of the administrators group login

    getent group administrators
    administrators:x:1004:admin,mibey

    If you try to login as a user who is not a member of the administrators group, you will get permission denied.

    ssh [email protected]
    [email protected]'s password:
    Permission denied, please try again
  • Deny Specific Users to Login via SSH on Ubuntu 18.04

    Similarly, to deny a specific user from logging in via SSH, you simply use the DenyUsers or DenyGroups option with a list of users or groups to deny access respectively.

    DenyUsers amos mibey

    If you try to login as any of the above users, you will get permission denied.

    To deny a group of users, say the administrator group whose members are admin and mibey, you would add the following line to SSHd configuration file.

    DenyGroups administrators

Remember to reload SSH whenever you make any changes.

Great, that is all about how to allow/deny specific users to login via SSH on Ubuntu 18.04 system. Enjoy

1 COMMENT

  1. if I want to allow user to remote via SSH but only for specific folder e.g. folder web1 inside home. He only can access that folder not the root or another system folder. How to make the configuration?

LEAVE A REPLY

Please enter your comment!
Please enter your name here