OpenSSH: deny access for users, groups and hosts

In an organization, when a server goes live an administrator needs to create users with varying privileges. Some users will have special permissions with root credentials. Here we block those privileged users from logging in directly over SSH.

To Deny a User

Open /etc/ssh/sshd_config file:

# vi /etc/ssh/sshd_config

Append the following directive:

DenyUsers username

To Deny a Group

Append the following line:

DenyGroups groupname

To Deny a Host/Network

Open /etc/hosts.deny and add the following line:

sshd: 192.168.0.0/255.255.255.0

This blocks all SSH connections from the 192.168.0.0/24 network.

If you want to allow only a single network, add the following instead:

sshd: ALL EXCEPT 192.168.0.0/255.255.255.0

This blocks all SSH connections except those from the 192.168.0.0/24 network.

For these changes to take effect, restart sshd:

service sshd restart
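
Added example, not part of the original article: a shell helper that inserts a DenyUsers or DenyGroups line and keeps it only if `sshd -t` accepts the resulting file, restoring the backup otherwise. The function name add_sshd_deny and the SSHD variable are assumptions for illustration; the line is placed above the first Match block so that it applies globally.

```shell
#!/bin/sh
# Added example: add_sshd_deny and SSHD are illustrative names (assumptions).
SSHD="${SSHD:-/usr/sbin/sshd}"   # sshd binary used for the syntax check

# usage: add_sshd_deny <config-file> <DenyUsers|DenyGroups> <name> [name...]
add_sshd_deny() {
    [ "$#" -ge 3 ] || { echo "usage: add_sshd_deny FILE KEYWORD NAME..." >&2; return 2; }
    cfg=$1; keyword=$2; shift 2
    case "$keyword" in
        DenyUsers|DenyGroups) ;;
        *) echo "unsupported keyword: $keyword" >&2; return 2 ;;
    esac
    for name in "$@"; do
        # Literal account/group names only: no wildcards, '!' or USER@HOST forms.
        case "$name" in
            ''|*[!A-Za-z0-9._-]*) echo "refusing name: $name" >&2; return 2 ;;
        esac
    done

    backup="$cfg.bak.$$"
    cp -p "$cfg" "$backup" || return 1

    # A directive appended after a "Match" line would apply only inside that
    # block, so insert above the first Match (or at the end if there is none).
    awk -v line="$keyword $*" '
        !placed && tolower($1) == "match" { print line; placed = 1 }
        { print }
        END { if (!placed) print line }
    ' "$backup" > "$cfg"

    # sshd -t parses the file and exits non-zero on any error.
    if "$SSHD" -t -f "$cfg"; then
        rm -f "$backup"
        return 0
    fi
    echo "sshd -t rejected $cfg; restoring previous version" >&2
    cp -p "$backup" "$cfg" && rm -f "$backup"
    return 1
}
```

Run it as root, for example `add_sshd_deny /etc/ssh/sshd_config DenyUsers username`, then restart sshd as shown above. Keep an existing session open until a new login has been tested.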

With the above settings, users, groups and hosts can be blocked.

About Sandeep kalathil

I am a System Engineer working in Cochin, interested in Linux and Windows servers and happy to share knowledge that I have gained through my day-to-day work.
