In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!
I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject.
Here, this link will help you search for SSH articles.
SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.
It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.
So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.
Disallow SSH Login For A Specific User:
This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press
With your terminal/connection now open, enter the following command:
1 | sudo nano /etc/ssh/sshd_config |
Find a place to make a new line and enter the following with some care:
1 | DenyUsers <username> |
Now, this one is a bit picky. Obviously, you substitute <username>
with the real name – but in between “DenyUsers” and the username you absolutely MUST press the
Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:
1 | sudo systemctl restart ssh |
If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.
Hmm… If you’re a barbarian that doesn’t use systemd, try this:
1 | sudo service ssh restart |
When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!
Closure:
Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!
Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.
Now that’s timely information. Thanks KGIII!