{"id":2463,"date":"2019-03-27T20:33:12","date_gmt":"2019-03-27T17:33:12","guid":{"rendered":"http:\/\/kifarunix.com\/?p=2463"},"modified":"2019-05-12T09:21:42","modified_gmt":"2019-05-12T06:21:42","slug":"allow-deny-specific-users-to-login-via-ssh-on-ubuntu-18-04","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/allow-deny-specific-users-to-login-via-ssh-on-ubuntu-18-04\/","title":{"rendered":"Allow\/Deny Specific Users to Login via SSH on Ubuntu 18.04"},"content":{"rendered":"<p>Hello there, today we are going to learn how to allow\/deny specific users to login via SSH on Ubuntu 18.04 system.<\/p>\n<h3>Allow\/Deny Specific Users to Login via SSH on Ubuntu 18.04<\/h3>\n<ul>\n<li>\n<h3>Allow Specific Users to Login via SSH on Ubuntu 18.04<\/h3>\n<p>In order to allow specific users or a specific group of users to login to an Ubuntu 18.04 system via SSH, <code>AllowUsers<\/code> or <code>AllowGroups<\/code> options can be used in SSH<span class=\"ILfuVd\"> daemon configuration file, <code>\/etc\/ssh\/sshd_config<\/code>.<\/span><\/p>\n<p>For example, to allow users, amos and admin to login, edit the SSHd configuration file\u00a0 and add the line below;<\/p>\n<pre>vim \/etc\/ssh\/sshd_config<\/code><\/pre>\n<pre>...\n<strong>AllowUsers amos admin<\/strong><\/code><\/pre>\n<p>Once changes are made, restart SSH.<\/p>\n<pre>systemctl restart ssh<\/code><\/pre>\n<p>Now, if you try to login as any other user apart from the two allowed above, you should get permission denied.<\/p>\n<pre>ssh mibey@192.168.0.102\nmibey@192.168.0.102's password: &lt;Password&gt;\n<strong>Permission denied, please try again.<\/strong><\/code><\/pre>\n<p>If you check authentication logs, it states clearly;<\/p>\n<pre>Mar 27 19:46:07 u18svr sshd[886]: User mibey from 192.168.0.101 not allowed because not listed in AllowUsers<\/code><\/pre>\n<p>To allow a specific group of users to login, you would add the following line to SSHd configuration file;<\/p>\n<pre>AllowGroups administrators<\/code><\/pre>\n<p>This will allow only the members of the administrators group login<\/p>\n<pre>getent group administrators\nadministrators:x:1004:admin,mibey<\/code><\/pre>\n<p>If you try to login as a user who is not a member of the administrators group, you will get permission denied.<\/p>\n<pre>ssh amos@192.168.0.102\namos@192.168.0.102's password:\nPermission denied, please try again<\/code><\/pre>\n<\/li>\n<li>\n<h3>Deny Specific Users to Login via SSH on Ubuntu 18.04<\/h3>\n<p>Similarly, to deny a specific user from logging in via SSH, you simply use the <code>DenyUsers<\/code> or <code>DenyGroups<\/code> option with a list of users or groups to deny access respectively.<\/p>\n<pre>DenyUsers amos mibey<\/code><\/pre>\n<p>If you try to login as any of the above users, you will get permission denied.<\/p>\n<p>To deny a group of users, say the administrator group whose members are admin and mibey, you would add the following line to SSHd configuration file.<\/p>\n<pre>DenyGroups administrators<\/code><\/pre>\n<\/li>\n<\/ul>\n<p>Remember to reload SSH whenever you make any changes.<\/p>\n<p>Great, that is all about how to allow\/deny specific users to login via SSH on Ubuntu 18.04 system. Enjoy<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello there, today we are going to learn how to allow\/deny specific users to login via SSH on Ubuntu 18.04 system. Allow\/Deny Specific Users to<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[121,362,64],"tags":[365,363,366,364,71],"class_list":["post-2463","post","type-post","status-publish","format-standard","hentry","category-howtos","category-ssh","category-ubuntu-18-04","tag-allowgroups","tag-allowusers","tag-denygroups","tag-denyusers","tag-ssh","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2463"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2463"}],"version-history":[{"count":3,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2463\/revisions"}],"predecessor-version":[{"id":2923,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2463\/revisions\/2923"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}