SSH: Limit Users and Groups through AllowGroups and AllowUsers
By default, every user and group can connect to the SSH server. To secure the SSH server, we should state explicitly which users or groups can connect to it. To do this, edit the /etc/ssh/sshd_config file and list the allowed users and groups as required.
Once these directives are set, only the allowed users or groups can log in. Users or groups listed in the Deny directives are not allowed to log in.
AllowGroups SSH_lan_dc1 SSH_lan_dc2
AllowUsers sukrant vikrant yogesh
DenyUsers vijay tom
DenyGroups sftp_dc1 sftp_dc2
These directives are used to allow and deny groups or users.
AllowGroups — This keyword can be followed by a list of group name patterns, separated by spaces. Login is allowed only for users whose primary group or supplementary group list matches one of the patterns.
AllowUsers — List the users, separated by spaces, who are allowed to log in.
DenyGroups — This keyword can be followed by a list of group name patterns, separated by spaces. Login is disallowed for users whose primary group or supplementary group list matches one of the patterns.
DenyUsers — List the users, separated by spaces, who are not allowed to log in.
Restart the sshd service after editing /etc/ssh/sshd_config:
# service sshd restart
Stopping sshd: [ OK ]
Starting sshd:
Now only the allowed users and the users of the groups mentioned in AllowGroups can log in.
Note: There is no benefit in mentioning AllowGroups and DenyGroups at the same time, because once AllowGroups is set all other groups are automatically denied. The same rule applies to AllowUsers as well.
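The sketch below is an added example, not part of the original post: it models how sshd combines the four directives, using the order documented in sshd_config(5) (DenyUsers, AllowUsers, DenyGroups, AllowGroups), where a login must pass every check. The group memberships, the user amit and the function names are assumptions made for the illustration; USER@HOST forms and negated patterns are left out.

```python
import re

# Directives from the sshd_config shown above.
CONFIG = {
    "DenyUsers": ["vijay", "tom"],
    "AllowUsers": ["sukrant", "vikrant", "yogesh"],
    "DenyGroups": ["sftp_dc1", "sftp_dc2"],
    "AllowGroups": ["SSH_lan_dc1", "SSH_lan_dc2"],
}

def _matches(name, patterns):
    """True if name matches any pattern; only '*' and '?' are wildcards."""
    for pat in patterns:
        regex = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, name):
            return True
    return False

def login_decision(user, groups, cfg=CONFIG):
    """Return (allowed, reason) for a user and that user's group list.

    Simplified model: no USER@HOST forms and no '!' negated patterns.
    """
    if _matches(user, cfg.get("DenyUsers", [])):
        return False, "DenyUsers"
    allow_users = cfg.get("AllowUsers", [])
    if allow_users and not _matches(user, allow_users):
        return False, "not in AllowUsers"
    if any(_matches(g, cfg.get("DenyGroups", [])) for g in groups):
        return False, "DenyGroups"
    allow_groups = cfg.get("AllowGroups", [])
    if allow_groups and not any(_matches(g, allow_groups) for g in groups):
        return False, "not in AllowGroups"
    return True, "allowed"

# Constructed accounts: the group memberships are made up for this example.
SAMPLE_ACCOUNTS = {
    "sukrant": ["SSH_lan_dc1"],            # passes every check
    "vikrant": ["staff"],                  # in AllowUsers, but no allowed group
    "yogesh": ["SSH_lan_dc2", "sftp_dc1"], # allowed group plus a denied group
    "amit": ["SSH_lan_dc1"],               # allowed group, but not in AllowUsers
    "vijay": ["SSH_lan_dc1"],              # listed in DenyUsers
}

if __name__ == "__main__":
    for user, groups in SAMPLE_ACCOUNTS.items():
        print(user, groups, login_decision(user, groups))
```

On a real server, `sshd -t` checks the edited file for syntax errors before the restart, and keeping an existing session open until a fresh login succeeds avoids locking yourself out.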