In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!
I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject.
Here, this link will help you search for SSH articles.
SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.
It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.
So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.
This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.
With your terminal/connection now open, enter the following command:
sudo nano /etc/ssh/sshd_config
Find a place to make a new line and enter the following with some care:
DenyUsers <username>
Now, this one is a bit picky. Obviously, you substitute <username>
with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!
Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:
sudo systemctl restart ssh
If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.
Hmm… If you’re a barbarian that doesn’t use systemd, try this:
sudo service ssh restart
When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!
Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!
Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.
Today we'll cover one way to enable or disable your network interface in the Linux…
Today's exercise is a nice and simple exercise where we check your NIC speed in…
Have you ever wanted to easily monitor your wireless connection? Well, now you can learn…
I think I've covered this before with the ls command but this time we'll count…
Today we'll be learning about a basic Linux command that's known as 'uname' and it…
If you've used hardinfo in the past, it may interest you to know that hardinfo…
View Comments
Now that's timely information. Thanks KGIII!