Method One: configure SSH so that only specified users have login rights
SSH remote-login permissions directly affect the security of the server, so it is necessary to set reasonable user permissions for SSH.
To view the SSH version, run:
ssh -V
How to configure SSH so that only specified users can log in
Add the following statements to the /etc/ssh/sshd_config file
Allow admin to log in from anywhere
AllowUsers admin
Allow a user to log in only from a specified IP address
# Allow the root user to log in only from 192.168.0.1
AllowUsers root@192.168.0.1
Restricting both the user name and the IP address for SSH logins
A single line can specify multiple users, separated by spaces. The following allows root to log in only from 192.168.0.1, while admin can log in from anywhere
AllowUsers root@192.168.0.1 admin
Restart the SSH service
service sshd restart
Method Two: summary
Method 1: Add the following as the first line of the /etc/pam.d/sshd file
auth required pam_listfile.so item=user sense=allow file=/etc/sshusers onerr=fail
Then create the sshusers file under /etc, edit it, and add the usernames that are allowed to use the SSH service. There is no need to restart the sshd service.
Add two users:
zhangsan
lisisi
Method 2: The PAM rule can also be written as a deny rule
auth required pam_listfile.so item=user sense=deny file=/etc/sshusers onerr=succeed
Method 3: PAM rules can also restrict by group
auth required pam_listfile.so item=group sense=allow file=/etc/security/allow_groups
Add the permitted group names to the allow_groups file, and make sure to add root.
Method 4: Set AllowUsers in sshd_config, in the following format:
AllowUsers a b c
After restarting the sshd service, only the three users a, b and c can log in.
How do you allow only one IP address to log in to the server with a given account?
Just add the following line to the SSH configuration file, sshd_config:
AllowUsers username@192.168.1.100
The above allows only the machine with IP address 192.168.1.100 to log in as the user username.
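The AllowUsers rules from Method One and from the single-IP case above, modelled as an added example (not part of the original article and not OpenSSH's own code). It is a simplified model that assumes matching on the client IP address only, with "*" and "?" wildcards and CIDR host parts; the helper names and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample sshd_config fragment using the article's own values.
SAMPLE_CONFIG = """\
# constructed sample
Port 22
AllowUsers root@192.168.0.1 admin
"""

def _glob(pattern, text):
    """Match the two sshd wildcards: '*' (any run) and '?' (one character)."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, text) is not None

def parse_allow_users(config_text):
    """Collect the entries of every AllowUsers line in the config text."""
    entries = []
    for line in config_text.splitlines():
        parts = line.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        # Keywords are case-insensitive; their arguments are case-sensitive.
        if parts[0].lower() == "allowusers":
            entries.extend(parts[1:])
    return entries

def _host_matches(host_pat, addr):
    """Compare the host part of USER@HOST with the client address."""
    if "/" in host_pat:  # CIDR form, e.g. 192.168.0.0/24
        try:
            net = ipaddress.ip_network(host_pat, strict=False)
            return ipaddress.ip_address(addr) in net
        except ValueError:
            return False
    return _glob(host_pat, addr)

def is_allowed(entries, user, addr):
    """True if AllowUsers would admit this user from this source address."""
    if not entries:
        return True  # no AllowUsers at all: this directive restricts nobody
    for entry in entries:
        user_pat, sep, host_pat = entry.partition("@")
        if _glob(user_pat, user) and (not sep or _host_matches(host_pat, addr)):
            return True
    return False  # once AllowUsers is set, every unlisted login is refused
```

Note the implicit deny: as soon as one AllowUsers line exists, accounts that are not listed (and listed accounts written with the wrong letter case) are locked out, so keep an existing session open while testing the change.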