RESTRICTING SSH USERS CONNECTIONS
- Layout for this exercise:
- At any of the cases studied in this exercise the configuration file to be changed is /etc/ssh/sshd_config:
1 - SSH root restrictions
- By default the authentication for the root is set to PermitRootLogin without-password, meaning that the root is only allowed to SSH login with a key:
- To disable the SSH root login change to PermitRootLogin no:
- Restarting SSH service:
- Now there is no successful access for the root:
- Changing the root permission to yes:
- Now the access is successful:
2 - SSH other users restrictions
- Editing the file /etc/ssh/sshd_config and adding a line with directive AllowUsers to allow johndoe:
- Restarting SSH service:
- SSH connection for johndoe is successful:
- However, SSH access it is not possible for user marie because this user is not included in the line AllowUsers:
- Adding user marie to the directive AllowUsers:
- Restarting SSH service:
- Connecting successfully to user marie:
- Another way to deny a user to connect with SSH (apart of not including into the directive AllowUsers line) is to write an specific DenyUsers directive for the non allowed users. For instance let's take user kevin:
- Restarting SSH service:
- Now user kevin cannot connect to the SSH service:
- Same configurations and directives can be followed for groups in the same way of users.
