CentOS to prohibit users ssh and SFTP login
In Linux for security purposes, we will prohibit certain users SSH login system to operate. Here I take the CentOS operating system as an example to record how to do the processing.
1, open the sshd configuration file
?
2, modify the configuration file, add or modify such as downlink
?
1 2 3 4 |
# Prohibit user user1 login, multiple spaces separated denyusers User1 # prohibit all user logins for user group group1, multiple spaces separated denygroups group1 |
3, save the configuration, restart sshd
?
1 |
/etc/rc.d/init.d/sshd restart |
When the above configuration is complete, you can prevent users or users of user groups from logging in, and in step 2nd, you can just fill in one and adjust them as needed. Once configured, use the following command on other Linux machines to test:
?
1 2 3 4 5 6 7 8 |
# Use SSH test [root@servera ~]# ssh user1@192.168.1.168 user1@192.168.1.168 ' password:permission denied, please try again. # use SFTP test [Root@servera ~]# sftp user1@192.168.1.168 user1@192.168.1.168 ' password:permission denied, please try again. |
As you can see, it is really forbidden by the system, and thus we have achieved the control we want. But this has a flaw is, can not prohibit only allow sftp but not ssh, if you want to do this, it is estimated to be able to build a separate FTP server, such as VSFTP, later consider this.