Consentire l'accesso a ssh a specifici utenti o gruppi

Da Caos per caso.
Versione del 30 nov 2009 alle 22:06 di imported>Giorgio (Creata pagina con 'Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced. Fortunately this can be easily do…')
(diff) ← Versione meno recente | Versione attuale (diff) | Versione più recente → (diff)
Jump to navigation Jump to search

Its sometimes necessary to limit who has access to a server via SSH. Most Linux security hardening checklist today require this to be enforced.

Fortunately this can be easily done with openSSH. Just edit the /etc/ssh/sshd_config file and add the desired directives shown below. You don’t need them all, just use what suits you needs.

openSSH provides 4 directives, AllowUsers, AllowGroups, DenyUsers and DenyGroups

AllowUsers buddy john doe

Only users buddy, john and doe will be able to log in via ssh.

AllowGroups sysadmin bkpadmin

Only users within groups sysadmin and bkpadmin will be able to log in via ssh.

DenyUsers rambo tina

This is the opposite of AllowUsers. All users except for rambo and tina will be able to log in via ssh.

DenyGroups hr payroll

This is the opposite of AllowGroups. All groups except for hr and payroll will be able to log in via ssh.