From recent SSH post entry of restricing SSH access to specific IP address and computer hosts, we now move on to restrict SSH port and SSH connection to specific or particular users.
As a requirement, an existing SSH server should be currently installed and running. If not, simpl install openssh server rpm package and start the service after successful installation.
OpenSSH Server Installation
# yum -y install openssh-server
Start OpenSSH Server
# service sshd start
Restrict SSH Access To Particular User Account or System Users
Step One
Backup and modify SSH configuration file /etc/ssh/sshd_config . If you want to allow SSH access logons only to Peter, Jose and John, simply insert the similar linse
AllowUsers peter jose john
Step Two
Restart OpenSSH
# service sshd restart
Verification of OpenSSH Configuration Changes
Try to SSH from separate workstation to current SSH server using a different login name and the names mentioned from sshd_config of AllowUsers line.
Monitoring Restricted SSH Log File
Tail your SSH log file and you will see a refused SSH attempt with the scenario taken above.
# tail -f /var/log/secure
Jul 27 15:39:58 server sshd[24701]: User testuser1 from 192.168.101.1 not allowed because not listed in AllowUsers
At the other end of SSH connection, the user attempting to SSH login, would similarly see the below lines
Permission denied, please try again.
Submission of correct SSH username and password combination would not permit any SSH user until AllowUsers SSH directive is remove from /etc/ssh/sshd_config or the requesting SSH user is added to AllowUsers line.
OpenSSH access and logons restrictions only to specific list of system users is just another SSH security you add up to harden your SSH configuration.
All is done.
Subscription
Categories
- HowTos (612)
- Linux Devices (40)
- Linux Diggs (620)
- Linux News (1541)
- Linux Videos (24)
Recent Posts
Blog Archive
-
▼
2008
(2301)
-
▼
July
(297)
- How To Kill Application Process ID (PID) The Faste...
- How To Install Fedora 9 From The Internet
- How To Install PHP5 and Apache HTTP Server
- How To Display The Number of Processors in Linux
- How To Prevent Alt+F1 and Alt+F2 TTY Console Login...
- How To Install Text-based File Manager
- How To Delete Linux Files Older Than 360 days
- How To Install VirtualBox on Fedora 9
- HowTo: Delete All Thumbs.db Recursively
- HowTo: Delete All Thumbs.db Recursively
- 10 Cool Open Source Easter Eggs
- KDE 4.1 rocks the desktop
- 10 Cool Open Source Easter Eggs
- KDE 4.1 rocks the desktop
- Roku's Netflix Player: a hands-on review
- PostPath cracked Exchange protocols for Postfix-ba...
- Yahoo, HP, Intel Give Ivory Towers a Stairway to t...
- Portugal Rings Up Big Order for Intel's Classmate PCs
- SSD vs. SATA RAID: A Performance Benchmark
- Roku's Netflix Player: a hands-on review
- PostPath cracked Exchange protocols for Postfix-ba...
- Yahoo, HP, Intel Give Ivory Towers a Stairway to t...
- Portugal Rings Up Big Order for Intel's Classmate PCs
- Floating Point Math in Bash
- SSD vs. SATA RAID: A Performance Benchmark
- How To Mount Remote Folder Location Via SSHFS
- How To Protect SSH From Multiple and Parallel Coor...
- How To Enable IP Forwarding in Linux
- spell check text file from terminal
- spell check text file from terminal
- How To Allow and Deny SSH Access To Specific Users
- Customer demand adds Linux to industrial computer ...
- Is OpenSolaris in hot water?
- Anatomy of the Linux file system
- Linux development on the PS 3 More than a toy - pa...
- Quotes from Bill Gates, Steve Jobs and Linus Torvalds
- Under Pressure, ISP Admits Secret Web Snooping in ...
- Open Web Foundation to Play Freedom Cop for Net Specs
- Customer demand adds Linux to industrial computer ...
- Is OpenSolaris in hot water?
- Anatomy of the Linux file system
- Linux development on the PS 3 More than a toy - pa...
- Quotes from Bill Gates, Steve Jobs and Linus Torvalds
- Installing Applications on Linux
- Under Pressure, ISP Admits Secret Web Snooping in ...
- Open Web Foundation to Play Freedom Cop for Net Specs
- Microsoft Becomes Just a Little More Like Apple
- Tux3, a Versioning Filesystem
- Anatomy of Linux loadable kernel modules
- Shuttleworth: Microsoft Does Not Want War
- The Open Call
- Google Gadgets for Linux -- Almost There
- Cloud Computing: When Computers Really Do Rule
- Consoles Sell Like Hotcakes, Yahoo Cuts a Deal, Sy...
- Microsoft Becomes Just a Little More Like Apple
- Tux3, a Versioning Filesystem
- Anatomy of Linux loadable kernel modules
- Shuttleworth: Microsoft Does Not Want War
- The Open Call
- Google Gadgets for Linux -- Almost There
- Cloud Computing: When Computers Really Do Rule
- Consoles Sell Like Hotcakes, Yahoo Cuts a Deal, Sy...
- How To Install Adobe Flash Player 10 in Fedora
- How To Add and Install Alternative Liberation Fonts
- Digg it: Top 1 Supercomputer is powered by Fedora
- How To Send System Message To FTP Clients via TCP ...
- Intel Switches From Ubuntu To Fedora For Mobile Linux
- Intel Switches From Ubuntu To Fedora For Mobile Linux
- How To Create Separate SSH Log File for Specific S...
- How To Allow and Deny SSH Access To Selected Hosts...
- Fedora 10 - Friends, Freedom, Features, and First
- Fedora 10 - Friends, Freedom, Features, and First
- The Mess That is Linux Volume Management
- Are We About to Witness a Real OS X virus?
- Security is No Secret
- Enterprise Storage Solution Using Nand Flash and ZFS
- Shuttleworth Sets Bar For Linux 'Beyond Apple'
- Why We Still Need the iPhone App Black Market
- DragonFly BSD 2.0 Released
- Interview with Mandriva's KDE Developer Helio Castro
- Mandriva and PTech Announce Low-cost Desktop
- The Coco Bidet and Toilet Technology
- The Mess That is Linux Volume Management
- Are We About to Witness a Real OS X virus?
- Security is No Secret
- Enterprise Storage Solution Using Nand Flash and ZFS
- Shuttleworth Sets Bar For Linux 'Beyond Apple'
- Why We Still Need the iPhone App Black Market
- DragonFly BSD 2.0 Released
- Interview with Mandriva's KDE Developer Helio Castro
- Mandriva and PTech Announce Low-cost Desktop
- The Coco Bidet and Toilet Technology
- Automatix Comes to Fedora 9 - FedoMATIX
- Automatix Comes to Fedora 9 - FedoMATIX
- #1 Supercomputer in the World Runs Fedora
- #1 Supercomputer in the World Runs Fedora
- How To Install An Extremely Fast, Lightweight, But...
- How To Bypass DNS Log Monitoring By Your ISP
- Veteran developer ditches Microsoft for open source
- Why not learn a little language while you work, Am...
-
▼
July
(297)
Sunday, July 27, 2008
How To Allow and Deny SSH Access To Specific Users
Subscribe to:
Post Comments (Atom)
ILoveTux - howtos and news | About | Contact | TOS | Policy
0 comments:
Post a Comment