In an organization, when a server goes live, an administrator needs to create users with varying privileges. Some users will have special permissions with root credentials. Here we block those privileged users from logging in directly over SSH.
To Deny a User
Open /etc/ssh/sshd_config file:
# vi /etc/ssh/sshd_config
Append the following names (directives):
To Deny a Group
Append the following line
To Deny a Host/Network
Open /etc/hosts.deny and add the following line
This blocks all traffic from the 192.168.0.0/24 network.
If you want to allow only a single network, add the following:
sshd: ALL EXCEPT 192.168.0.0/255.255.255.0
This blocks SSH connections from every address outside the 192.168.0.0/24 network.
For these changes to take effect, restart sshd:
service sshd restart
With the above settings, users, groups and hosts can be blocked.
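The append step for DenyUsers and DenyGroups, as an added shell example (not from the original page): a directive appended after a Match block applies only inside that block, so the hypothetical helper add_deny writes it ahead of the first Match line, and check_config parses the result with sshd's test mode before any restart. The helper names and the user and group names in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example. add_deny and check_config are hypothetical helper names.

# add_deny FILE KEYWORD NAME...   (KEYWORD: DenyUsers or DenyGroups)
# Adds NAMEs to the global KEYWORD line of FILE, creating the line if needed.
add_deny() {
    file=$1; kw=$2; shift 2
    tmp="${file}.new.$$"
    awk -v kw="$kw" -v names="$*" '
        BEGIN { k = tolower(kw) }            # keywords are case-insensitive
        # A Match block runs to the next Match or to end of file, so a line
        # appended after it would only apply inside that block. Emit the
        # directive before the first Match to keep it global.
        tolower($1) == "match" {
            if (!done) { print kw " " names; done = 1 }
            inmatch = 1
        }
        # Extend an existing global line instead of adding a second one.
        !inmatch && !done && tolower($1) == k {
            print $0 " " names; done = 1; next
        }
        { print }
        END { if (!done) print kw " " names }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"                     # keeps owner and mode of FILE
    rm -f "$tmp"
}

# check_config FILE: parse FILE with sshd test mode (-t) without starting it.
# Run as root on the server before "service sshd restart".
check_config() {
    "$(command -v sshd)" -t -f "$1"
}

# Usage with constructed names (alice, bob, contractors):
#   cp /etc/ssh/sshd_config /root/sshd_config.candidate
#   add_deny /root/sshd_config.candidate DenyUsers alice bob
#   add_deny /root/sshd_config.candidate DenyGroups contractors
#   check_config /root/sshd_config.candidate && \
#       cp /root/sshd_config.candidate /etc/ssh/sshd_config
```

Keep an existing SSH session open while restarting sshd, so a mistake in the deny lists can be undone from that session.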