By default every User and group can connect SSH Server. But for Secure SSH server, we should mention exlicitly which Users or group can connect SSH Server. For same we need to edit /etc/ssh/sshd_config file and mention Allow Users and group as per requirement.
openSSH_logo
So after mention these derivates, only allow users or group could login. If Deny users or Group mention that are not allowed to login

AllowGroups     SSH_lan_dc1 SSH_lan_dc2
AllowUsers      sukrant vikrant yogesh
DenyUsers       vijay tom
DenyGroups      sftp_dc1 sftp_dc2

These derivatives used for Allow and deny groups or users.

AllowGroups — This keyword can be followed by a list of group name patterns, separated by spaces.login is allowed only for users whose primary group or supplementary group list matches one of the patterns.

AllowUsers — Mention users separated by spaces allow login.

DenyGroups — This keyword can be followed by a list of group name patterns, separated by spaces.login is disallowed only for users whose primary group or supplementary group list matches one of the patterns.

DenyUsers — Mention users separated by spaces disallow login.

Need to restart sshd service after editing /etc/ssh/sshd_config

#service sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:   

Now only Allow users and users of group mention in AllowGroup could login.

Note: There is no benefit of mention AllowGroup and DenyGroup sametime because after AllowGroup all other group automatically deny. Same rule follow with Allowusers as well