How to enable and disable SSH for user on Linux

After installing SSH on your Linux system, one of the most important security practices it to make sure that the service is only enabled for intended accounts. If you have one or more accounts which do not need SSH access, then the service should be disabled for those accounts. This is to prevent one being exploited, or maybe you just do not want that particular user to be using SSH to access the server.

In this tutorial, we will go through the step by step instructions to enable or disable SSH for a specific user on a Linux system.

In this tutorial you will learn:

  • How to enable or disable SSH access for a specific user
  • How to enable or disable SSH access for a user group
  • How to enable or disable SSH access for the root user
How to enable and disable SSH for user on Linux
How to enable and disable SSH for user on Linux
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Any Linux distro
Software OpenSSH
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to enable and disable SSH for user on Linux step by step instructions



  1. Start by opening a terminal and opening the SSH server configuration file. You can use nano or your preferred text editor for this, as long as you open the file with root permissions.
    $ sudo nano /etc/ssh/sshd_config
    
  2. At the end of this file, use the directive AllowUsers to specify which user accounts you want to enable SSH access for. List all your users separated by a space.
    AllowUsers user1 user2 user3
    
  3. Similarly, use the DenyUsers directive to specify which user accounts you want to deny SSH access for. List all your users separated by a space.
    DenyUsers user1 user2 user3
    
  4. You can also allow or deny access to an entire user group with the AllowGroups and DenyGroups directives, respectively. This will allow or deny SSH access to any user that exists in those groups.
    AllowGroups administrators
    DenyGroups accountants
    
  5. To enable or disable SSH access for the root user account, you need to use a special directive PermitRootLogin. Set it to yes or no, depending on which setting you prefer. Note that enabling SSH access for the root account is generally considered a bad security practice.
    PermitRootLogin no
    

    Or

    PermitRootLogin yes
    
  6. After you are done making your changes, you can exit the file and save it. Then, for the changes to take effect, the SSH service will have to be restarted.


    Debian based systems:
    $ sudo systemctl restart ssh
    
    Red Hat based systems:
    $ sudo systemctl restart sshd
    
Editing the SSH configuration file to enable SSH access for a user
Editing the SSH configuration file to enable SSH access for a user

Closing Thoughts

In this tutorial, you saw how to enable or disable SSH access for a specific user on a Linux system. You also learned how to allow or deny access to entire user groups as well as the root administrative user. This is a common SSH security practice that every administrator should implement on their server, ensuring that only the necessary users have SSH access to the system.



Comments and Discussions
Linux Forum