Linux allows SSH to allow only specified user logon permission settings

Method One, only allow SSH to specify settings for user logon rights

The permissions of the SSH telnet directly affect the security of the server, and it is necessary to set reasonable user permissions for SSH.

To view an SSH version of the command:

Ssh-v

To set the method for SSH to allow only specified users to log on

Add the following statement to the/etc/ssh/sshd_config file

Allow admin to log in anywhere

Allowusers Admin

Allow only users with specified IP addresses to log on

#允许root用户只能在192.168.0.1 Local Login

Allowusers root@192.168.0.1

Also restricts the user name and IP login ssh method

A single line specifies multiple users, separated by spaces. Allows root users to log in at 192.168.0.1 places only, allowing admin to log in anywhere

Allowusers root@192.168.0.1 Admin

Reboot SSH Service

Service sshd Restart

Method Two Summary

Method 1: Add in the first line of the/etc/pam.d/sshd file

Auth Required pam_listfile.so Item=user sense=allow file=/etc/sshusers
Onerr=fail
Then create the Sshusers file under/etc, edit the file, and add the username you allowed to use SSH service without restarting the SSHD service.
Add 2 users

Zhangsan
Lisisi

Method 2:pam rules can also be written as Deny
Auth Required pam_listfile.so Item=user sense=deny file=/etc/sshusers
Onerr=succeed
Method 3:pam rules can use the group limit
Auth Required pam_listfile.so Item=group sense=allow file=/etc/security/allow_groups
To add a group name to the Allow_groups file, make sure to add the root

Method 4: Set the allowusers in the sshd_config format, as
Allowusers a b C
Restart the sshd service, only A/B/C3 users can log in

Allow only one IP to log on to the server with an account?

Just add the following line to the SSH profile: sshd_config

Allowusers username@192.168.1.100

The above only allow IP address is 192.168.1.100 machine to username user login.