Restrict which users can log in via SSH
Edit the /etc/ssh/sshd_config configuration file and add a DenyUsers option similar to the following to deny the specified users SSH login. Then restart the SSH service.
DenyUsers zhangsan aliyun
# Deny the zhangsan and aliyun accounts SSH login to the system.
You can also add an AllowUsers option similar to the following to allow only the specified users to log in through SSH.
Tip: After the configuration is complete, you need to restart the SSH service.
AllowUsers wixcloud test@192.168.1.1
# Allow the wixcloud account, and the test account when it logs in from 192.168.1.1, to log in to the system through SSH.
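How sshd combines the two directives above, as an added example that is not part of the original page or OpenSSH's own code: a simplified Python model in which DenyUsers is checked first and a non-empty AllowUsers then acts as an allow list. It assumes matching on the client address only (no hostnames, Match blocks or negated patterns); the function names and the sample file are constructed for illustration.

```python
import fnmatch
import ipaddress

# Simplified model (assumption): HOST is matched against the client address
# only; Match blocks and '!' negated patterns are not handled.

def entry_matches(entry, user, addr):
    """Match one DenyUsers/AllowUsers entry of the form USER or USER@HOST."""
    name_pat, _, host_pat = entry.partition("@")
    if not fnmatch.fnmatchcase(user, name_pat):   # '*' and '?' wildcards
        return False
    if not host_pat:
        return True                               # bare USER: any source address
    if "/" in host_pat:                           # HOST given as address/masklen
        net = ipaddress.ip_network(host_pat, strict=False)
        return ipaddress.ip_address(addr) in net
    return fnmatch.fnmatchcase(addr, host_pat)

def parse_directives(config_text):
    """Collect DenyUsers/AllowUsers arguments; repeated lines accumulate."""
    rules = {"denyusers": [], "allowusers": []}
    for line in config_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        keyword = fields[0].lower()               # keywords are case-insensitive
        if keyword in rules:
            rules[keyword].extend(fields[1:])
    return rules

def login_permitted(rules, user, addr):
    """DenyUsers is evaluated first; a non-empty AllowUsers is then an allow list."""
    if any(entry_matches(e, user, addr) for e in rules["denyusers"]):
        return False
    allow = rules["allowusers"]
    return not allow or any(entry_matches(e, user, addr) for e in allow)

# Constructed sample: the page's two directives placed in one file.
SAMPLE = """\
DenyUsers zhangsan aliyun
AllowUsers wixcloud test@192.168.1.1
"""

if __name__ == "__main__":
    rules = parse_directives(SAMPLE)
    for user, addr in [("wixcloud", "10.0.0.5"), ("test", "192.168.1.1"),
                       ("test", "10.0.0.5"), ("zhangsan", "192.168.1.1"),
                       ("root", "192.168.1.1")]:
        verdict = "permitted" if login_permitted(rules, user, addr) else "refused"
        print(f"{user}@{addr}: {verdict}")
```

The root case shows the practical consequence of AllowUsers: once the directive is present, every account not listed is refused, including the one used for administration.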
Restrict which IP addresses can log in via SSH
In addition to restricting specific users, you can also restrict SSH logins by source IP address. On a Linux instance, the two files /etc/hosts.allow and /etc/hosts.deny are used to allow or deny the specified IP addresses and IP address segments remote SSH login to the server. These files are read by TCP Wrappers, so the rules apply only if the sshd on the instance is built with TCP Wrappers (libwrap) support. They are described below.
- Edit the /etc/hosts.allow file and add content similar to the following to allow only the specified IP addresses to log in via SSH.
sshd:192.168.1.1:allow #Allow the IP address 192.168.1.1 to log in via SSH.
sshd:192.168.2.1/24:allow #Allow the 192.168.2.1/24 IP address segment to log in via SSH.
- Edit the /etc/hosts.deny file and add content similar to the following to deny all IP addresses SSH login.
sshd:ALL # Deny all SSH logins
- When both files are configured, the rules in the hosts.allow file take priority. With the settings above, the server allows SSH login only from the IP address 192.168.1.1 and the IP address segment 192.168.2.1/24; all other IP addresses are denied SSH login.