Deny SSH Access to Particular User and Group

SSH is Secure Shell to connect remote system, We all know SSH is very famous and the best service for remote access. if your server has multiple users for multipurpose and want to restrict some user to access SSH to the server.

In this tutorial we will discuss  how to block or allow only particular users or group from SSH access.

The SSH configuration file is sshd_config , edit this file using vi editor

vim /etc/ssh/sshd_config
To Allow any particular users to access SSH Then add below line.

AllowUsers username-1 username-2

[irp posts="155" name="Running SSHD on Multiple Ports (Without restarting service)"]
To deny access for only below users add a line as

DenyUsers username-1 username-2
In the same way you can do it for group , If you want to allow any particular group to access SSH add the line in same way.

AllowGroups group-1 group-2

If You want to deny any groups to restrict SSH access .

DenyGroups group-1 group-2

But there is very important you should know and follow here. It is the order of mentioning.

The allow & deny directives checks are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and  AllowGroups.

So As mention above first it check DenyUsers and then AllowUsers, and same for group as well first  DenyGroups and AllowGroups

[irp posts="102" name="SSH Login Without Password Using ssh-keygen"]