After installing SSH on your Linux system, one of the most important security practices it to make sure that the service is only enabled for intended accounts. If you have one or more accounts which do not need SSH access, then the service should be disabled for those accounts. This is to prevent one being exploited, or maybe you just do not want that particular user to be using SSH to access the server.
In this tutorial, we will go through the step by step instructions to enable or disable SSH for a specific user on a Linux system.
In this tutorial you will learn:
- How to enable or disable SSH access for a specific user
- How to enable or disable SSH access for a user group
- How to enable or disable SSH access for the root user
|Requirements, Conventions or Software Version Used
|Any Linux distro
|Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
How to enable and disable SSH for user on Linux step by step instructions
- Start by opening a terminal and opening the SSH server configuration file. You can use nano or your preferred text editor for this, as long as you open the file with root permissions.
$ sudo nano /etc/ssh/sshd_config
- At the end of this file, use the directive
AllowUsersto specify which user accounts you want to enable SSH access for. List all your users separated by a space.
AllowUsers user1 user2 user3
- Similarly, use the
DenyUsersdirective to specify which user accounts you want to deny SSH access for. List all your users separated by a space.
DenyUsers user1 user2 user3
- You can also allow or deny access to an entire user group with the
DenyGroupsdirectives, respectively. This will allow or deny SSH access to any user that exists in those groups.
AllowGroups administrators DenyGroups accountants
- To enable or disable SSH access for the root user account, you need to use a special directive
PermitRootLogin. Set it to
no, depending on which setting you prefer. Note that enabling SSH access for the root account is generally considered a bad security practice.
- After you are done making your changes, you can exit the file and save it. Then, for the changes to take effect, the SSH service will have to be restarted.
Debian based systems: $ sudo systemctl restart ssh Red Hat based systems: $ sudo systemctl restart sshd
In this tutorial, you saw how to enable or disable SSH access for a specific user on a Linux system. You also learned how to allow or deny access to entire user groups as well as the root administrative user. This is a common SSH security practice that every administrator should implement on their server, ensuring that only the necessary users have SSH access to the system.