Linux allows SSH to allow only specified user logon permission settings

Source: Internet
Author: User
Tags auth ssh

Method One, only allow SSH to specify settings for user logon rights

The permissions of the SSH telnet directly affect the security of the server, and it is necessary to set reasonable user permissions for SSH.

To view an SSH version of the command:

Ssh-v

To set the method for SSH to allow only specified users to log on

Add the following statement to the/etc/ssh/sshd_config file

Allow admin to log in anywhere

Allowusers Admin

Allow only users with specified IP addresses to log on

#允许root用户只能在192.168.0.1 Local Login

Allowusers root@192.168.0.1

Also restricts the user name and IP login ssh method

A single line specifies multiple users, separated by spaces. Allows root users to log in at 192.168.0.1 places only, allowing admin to log in anywhere

Allowusers root@192.168.0.1 Admin

Reboot SSH Service

Service sshd Restart

Method Two Summary

Method 1: Add in the first line of the/etc/pam.d/sshd file

Auth Required pam_listfile.so Item=user sense=allow file=/etc/sshusers
Onerr=fail
Then create the Sshusers file under/etc, edit the file, and add the username you allowed to use SSH service without restarting the SSHD service.
Add 2 users

Zhangsan
Lisisi

Method 2:pam rules can also be written as Deny
Auth Required pam_listfile.so Item=user sense=deny file=/etc/sshusers
Onerr=succeed
Method 3:pam rules can use the group limit
Auth Required pam_listfile.so Item=group sense=allow file=/etc/security/allow_groups
To add a group name to the Allow_groups file, make sure to add the root

Method 4: Set the allowusers in the sshd_config format, as
Allowusers a b C
Restart the sshd service, only A/B/C3 users can log in

Allow only one IP to log on to the server with an account?

Just add the following line to the SSH profile: sshd_config

Allowusers username@192.168.1.100

The above only allow IP address is 192.168.1.100 machine to username user login.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.