- Linux Administration Cookbook
- Adam K. Dean
- 134字
- 2021-07-02 14:24:16
AllowUsers
We've already denied the root user access to our system, but what if we wanted to take this a step further and specify the users we want to grant access to?
For that, we need the AllowUsers setting.
This is rarely a default setting, or even commented out in the sshd_config file, so we're going to add it to the bottom:
# PermitTTY no
# ForceCommand cvs server
AllowUsers vagrant
Restart the SSH daemon:
[vagrant@centos2 ~]$ sudo systemctl restart sshd
Now, you've got a system that only the vagrant user will be able to SSH to. You can also add multiple names to this list, or even substitute this whitelist for a blacklist, with DenyUsers.
If we want, we can work on a group basis (instead of individual usernames) with AllowGroups and DenyGroups.