How to allow or deny SSH access to a particular user or group?

Ievaz

This tutorial will show how to enable or disable SSH access for the user or group by making a few changes in SSH default configuration file.

To do that, you should log in to your VPS as root or user with sudo privileges.

1. Enable SSH access to a particular user or group on VPS:

1.1 To allow SSH access for a particular user, for example, test, edit sshd_config file:

sudo vi /etc/ssh/sshd_config

1.2 Press "i" to enter into insert mode and add or edit the following line:

AllowUsers test

Note 1: Please take note of the space between "AllowUsers" and "test." Instead of using the Space-bar, you should use the Tab key. To put it another way, type "AllowUsers" and then press the Tab key to provide the username of your user. _

1.3 Also, you can specify more than one user:

AllowUsers test1 test2

1.4 To allow an entire group, for instance, root, add or modify the following line:

AllowGroups root

This will allow all the users of the "root" group to connect to a server via SSH.

1.5 After saving changes in SSH default configuration file, you should restart SSH service to take effect the changes with this command:

sudo systemctl restart sshd

If one of the non-allowed users try to log in, the user should receive the following message:

Permission denied, please try again.

2. Disable SSH access to a user or group

2.1 To disable SSH access to specific user called "test1", you will need to edit sshd_config file:

sudo vi /etc/ssh/sshd_config

2.2 Add or modify the following line in sshd_config file.

DenyUsers test1

2.3 To deny SSH access to multiple users, specify the usernames with space separated as shown below:

DenyUsers test1 test2

2.4 To disable SSH access to an entire group, for example, root, add the following line:

DenyGroups root

2.5 After saving these changes, restart ssh service:

sudo systemctl restart sshd

Now blocked users our groups will not be able to log in to the server via SSH.