Sunday, July 27, 2008

How To Allow and Deny SSH Access To Specific Users

Following the recent post on restricting SSH access to specific IP addresses and hosts, this entry moves on to restricting the SSH port and SSH connections to specific or particular users.

As a requirement, an existing SSH server should already be installed and running. If not, simply install the openssh-server rpm package and start the service after successful installation.

OpenSSH Server Installation

# yum -y install openssh-server

Start OpenSSH Server

# service sshd start

Restrict SSH Access To Particular User Account or System Users

Step One

Back up and modify the SSH configuration file /etc/ssh/sshd_config. If you want to allow SSH logins only to Peter, Jose and John, simply insert a line similar to the following:

AllowUsers peter jose john

Step Two

Restart OpenSSH

# service sshd restart
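The two steps above (back up the file, add the AllowUsers line, restart) can be scripted so the edit is repeatable and checked before sshd is restarted. The script below is an added example, not part of the original post; it assumes plain user names (no user@host patterns), and the file path is a parameter so the functions can be tried on a copy before touching /etc/ssh/sshd_config. It inserts the line above any Match block, because a Match block runs to the end of the file and a directive appended after it would apply only inside that block.

```sh
#!/bin/sh
# Added example (not from the original post): back up sshd_config, set the
# AllowUsers line, and syntax-check the result before restarting sshd.
# The config path is a parameter so the functions can be exercised on a copy
# before touching /etc/ssh/sshd_config.

# set_allow_users CONFIG USER... : replace every active AllowUsers line in
# CONFIG with one listing the given users. Commented lines are left alone.
# Because a Match block runs to the end of the file, the line is inserted
# before the first "Match" rather than appended, so it stays in the global
# section. A timestamped backup is written beside the file first.
set_allow_users() {
    cfg="$1"; shift
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    [ $# -gt 0 ] || { echo "refusing to write an empty AllowUsers line" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak.$(date +%Y%m%d%H%M%S)" || return 1
    awk -v line="AllowUsers $*" '
        tolower($1) == "allowusers" { next }                      # drop old active lines
        !done && tolower($1) == "match" { print line; done = 1 }  # stay above Match blocks
        { print }
        END { if (!done) print line }
    ' "$cfg" > "$cfg.tmp" || return 1
    # Overwrite in place (keeps the file's owner and mode) instead of mv.
    cat "$cfg.tmp" > "$cfg" && rm -f "$cfg.tmp"
}

# allowed_users CONFIG : print the names on the active AllowUsers line(s),
# space-separated (sshd concatenates multiple AllowUsers lines).
allowed_users() {
    awk 'tolower($1) == "allowusers" {
             for (i = 2; i <= NF; i++) { printf "%s%s", sep, $i; sep = " " }
         }
         END { if (sep != "") print "" }' "$1"
}

# is_user_allowed CONFIG USER : exit 0 if USER appears on the AllowUsers line.
is_user_allowed() {
    for u in $(allowed_users "$1"); do
        [ "$u" = "$2" ] && return 0
    done
    return 1
}

# validate_sshd_config CONFIG : run sshd's own syntax check when sshd is
# installed (sshd -t also loads the host keys, so run this as root).
validate_sshd_config() {
    if command -v sshd >/dev/null 2>&1; then
        sshd -t -f "$1"
    else
        echo "sshd not found; skipping syntax check" >&2
    fi
}

# Usage: sh allow_users.sh --apply   (as root, on a live server)
if [ "${1:-}" = "--apply" ]; then
    set_allow_users /etc/ssh/sshd_config peter jose john \
        && validate_sshd_config /etc/ssh/sshd_config \
        && service sshd restart
fi
```

Keep your current SSH session open while you apply and test the change, so a typo in the user list cannot lock you out of the server. sshd evaluates DenyUsers, AllowUsers, DenyGroups and AllowGroups in that order, so a name on a DenyUsers line is refused even if it also appears on AllowUsers.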

Verification of OpenSSH Configuration Changes

From a separate workstation, try to SSH to the server both with a login name that is not listed and with the names given on the AllowUsers line of sshd_config.

Monitoring Restricted SSH Log File

Tail your SSH log file and you will see the refused SSH attempt from the scenario above.

# tail -f /var/log/secure

Jul 27 15:39:58 server sshd[24701]: User testuser1 from 192.168.101.1 not allowed because not listed in AllowUsers
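Beyond watching tail -f by eye, the same log line can be picked out and summarised per user and source address, which makes repeated attempts against an unlisted account stand out. The script below is an added example, not part of the original post; the sample lines are constructed in the format of the line shown above and are not real log data, and the log path /var/log/secure is taken from the post.

```sh
#!/bin/sh
# Added example (not from the original post): pick the AllowUsers refusals
# out of the sshd log and summarise them per user and source address.
# The lines below are constructed in the format of the log line shown above;
# they are not real log data.

SAMPLE_LOG='Jul 27 15:39:58 server sshd[24701]: User testuser1 from 192.168.101.1 not allowed because not listed in AllowUsers
Jul 27 15:40:03 server sshd[24703]: User testuser1 from 192.168.101.1 not allowed because not listed in AllowUsers
Jul 27 15:41:10 server sshd[24710]: Accepted password for peter from 192.168.101.5 port 51022 ssh2
Jul 27 15:42:27 server sshd[24715]: User bob from 192.168.101.9 not allowed because not listed in AllowUsers
Jul 27 15:43:00 server sshd[24719]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2'

DENY_MSG='not allowed because not listed in AllowUsers'

# allowusers_denial_count LOGFILE : number of logins refused by AllowUsers.
allowusers_denial_count() {
    grep -c -F "$DENY_MSG" "$1"
}

# allowusers_denials LOGFILE : one "user source count" line per user/source
# pair, most frequent first. The user and address are taken from the words
# that follow "User" and "from", so the syslog prefix layout does not matter.
allowusers_denials() {
    awk -v msg="$DENY_MSG" '
        index($0, msg) {
            for (i = 1; i <= NF; i++) {
                if ($i == "User") user = $(i + 1)
                if ($i == "from") src  = $(i + 1)
            }
            count[user " " src]++
        }
        END { for (k in count) print k, count[k] }
    ' "$1" | sort -k3,3nr -k1,1
}

# watch_allowusers_denials LOGFILE : follow the log and print refusals as
# they arrive (the live equivalent of the tail -f shown above).
watch_allowusers_denials() {
    tail -f "$1" | awk -v msg="$DENY_MSG" 'index($0, msg) { print; fflush() }'
}

# Usage: sh allowusers_log.sh --watch    (reads /var/log/secure, as root)
if [ "${1:-}" = "--watch" ]; then
    watch_allowusers_denials /var/log/secure
fi
```

On the sample lines, allowusers_denials prints "testuser1 192.168.101.1 2" followed by "bob 192.168.101.9 1"; the accepted login for peter and the unrelated failed-password line are ignored because they do not carry the AllowUsers message.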

At the other end of the SSH connection, the user attempting to log in would see lines like the following:

Permission denied, please try again.

Submitting a correct SSH username and password combination will not admit any user who is not listed until the AllowUsers directive is removed from /etc/ssh/sshd_config or the requesting user is added to the AllowUsers line.

Restricting OpenSSH access and logins to a specific list of system users is just one more SSH security measure you can add to harden your SSH configuration.

All is done.
