Disallow SSH Login For A Specific User

In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!

I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject. 

Here, this link will help you search for SSH articles.

SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.

It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.

So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.

Disallow SSH Login For A Specific User:

This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.

With your terminal/connection now open, enter the following command:

Find a place to make a new line and enter the following with some care:

Now, this one is a bit picky. Obviously, you substitute <username> with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!

Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:

If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.

Hmm… If you’re a barbarian that doesn’t use systemd, try this:

When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!


Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 3 Average: 5]

Bonus Article: KGIII Rants A Little About Security

The below ‘article’ is a rant about security – except it was written while really, really intoxicated. It’s not very good. I can’t even clean it up to make it good – but it does have some good bits scattered throughout and I’m just going to publish this as a ‘BONUS ARTICLE‘. 

Note: I may someday break this article down into bits and pieces, which is the only way I can think of to make it worth reading. At this point, I just don’t want the time to be wasted, so it might as well get published.

After trying to edit it, again while inebriated, I am not sure I can turn this into an article… I’m a bit inebriated. It’s perfectly legal here. I think I can… It’ll need to be pretty simple.

Let’s talk some basics about security!

You know what I get a kick out of? I get a kick out of seeing the people who move to Linux for “privacy reasons”, only to see them log back in to social media/forums to show that they have now moved to Linux.

They’ll login to accounts where they left plenty of personal information.

I’m not sure who they think they’re hiding from, but it’s not good privacy and they’re hiding from nobody important.

Real privacy is difficult, possibly next to impossible.

Seriously… Even the vaunted Tor is generally only as safe as you are smart, and then only on .onion domains. Once you hit the regular web, you’re probably not safe from a nation-state. Here are some theoretical attacks against Tor.

Realistically? How much privacy do you need or want? As you can guess, it’s a spectrum and and there are extremes on either end. There are also the law of diminishing returns on either end of the spectrum.

By the way, privacy is not security. Privacy is just one aspect of security.

So then, what is security?

Let’s start with the basics. For at least ‘good’ physical security, it should be ‘who you are’, ‘something you have’, and ‘something you know’.

For example, the security guard should check your ID to ensure who you are. The ID is something you have. The something you know is a password, a PIN, or a passphrase. That’s the least amount of security you can physically have to be any good.

Then, there are things you can do to improve it, for example. You can make it a rotating passphrase, make the guards work in pairs, require confirmation from someone proven to be in the building at the time, etc… You can do a layered approach where they may need all three of those things to enter yet another section and incorporate a man-trap between them.

Of course, on the other end of the spectrum is anyone and anything gets in and out. We tend to call those public spaces, when anyone can get in and out. As a general rule, you lose some rights to be in the public spaces – among those rights would be some degree of privacy (which will vary per jurisdiction). That’s pretty damned insecure. As far as security (and privacy goes) that’s the opposite.

So, again, there’s this giant spectrum of security. Where you want to be on that line is up to you. I find it’s a judgement call. We’re even willing to give up some privacy to be recognizable on a forum. Some of that lack of privacy is what keeps the forum secure and running smoothly. We give that privacy up because we get something in exchange.

At the same time, we might not want Google knowing everything we’re up to. We may be some dissident trying to reach a journalist to expose human rights violations and be under legitimate threat of death – or worse than death. We all make judgement calls about how much of our information we’re going to share.

And, really, unless you’re at the extremes, life is pretty good. It’s pretty easy to retain a little bit of privacy while participating in an online community. It’s less easy to do so with a typical Facebook account. where you are in some way connected to a more physical you.

Me? Oh, come on… I’ve long-since eaten the Google kool-aid. The ads here are from Google. I use their Analytics to better optimize the site, and all that – and more. Hell, I use Google Chrome and I’m logged in as the same user that does all those other things. I don’t use Gmail very often, so there’s that. I only use one of their accounts and that’s just to service my phone. But, that too is tied to all things Google.

The thing is, I know this. I know the privacy I give away. I made an informed decision to cede that privacy for those benefits. For me, the risks outweigh the benefits and I have a level of trust for Google. 

That’s the right choice – for me. Y’all make your own choices. If you don’t know how to block Analytics (or ads), just go ahead and ask. Just because I use those things doesn’t mean you need to. You’re perfectly free to block anything you want. You’ll still show up and be counted in the raw server logs. I’ll still be able to see what you did on the site. (Don’t worry, I don’t much care – unless you’re harming the site. The site’s security automatically blocks hundreds of requests per day.) But, yeah, I could see your IP address.

Oh, man… Oh no!!! Your IP address?!?

And the things people think about their IP address, as though it’s some great secret. If you really care, use a VPN – but learn what a VPN actually is before buying into the hype. They tout it as some great security (and it actually can be, but not how you’re using it) but it’s not really. Especially if you’re logging into sites like the video site you’re unlocking!

By the way, it’s ‘security’ when you connect to a VPN ’cause a web access point is locked down so that it only takes inputs from one IP address. That’s not how you’re gonna be using your VPN. (Well, you might, if you keep reading these articles.)

No, your IP address isn’t important. There’s no l337 hacker out there that’s just waiting to learn your IP address before he dusts the Cheetos off his shirt and gets to work hacking you. It’s just bots scanning bots at this point and you’re behind a NAT anyhow. Keep your stuff secure, mostly by keeping it off the public internet.

Ah, yes… The MAC address people…

No, you don’t need to change your MAC. The only reason you’d want to do so would be for something local. It’s not hiding you from Google, ’cause it’s only seen at the very first hop in network traffic. Once the packet is beyond that point, it uses its own MAC address. While changing your MAC address is a useful skill (for local “Spoofing” purposes), it’s not gonna make you appear any different to the rest of the web.

Lemme see… 

More security stuff to spew out onto the page?

I’ve been known to say, “Security is a process, not an application.” I’m probably not the first to express it similarly, but it doesn’t make it any less true. It is indeed a process. It starts best with a good plan and deciding where on the spectrum you’d like to be. Be sure to compare that with where on the spectrum you need to be to accomplish your computational goals. Somewhere in the middle is probably gonna be the sweet spot for you.

The thing is, you have to know where you can be on the spectrum involved. You have to know what the extremes are. You have to be aware of what techniques are available and what they really do. You need to be aware of what threats there are and what goals you want to accomplish. ‘Cause the only completely secure computer is one that doesn’t work and you might want to be extra sure by burying it in 25 feet of concrete.

Want some privacy? How about blocking third party cookies and scripting. How about you take a look at browser fingerprinting and deciding where you want to be on that spectrum? In pretty much every OS you can block DNS requests by using  your hosts file. There are even curated lists that you can download and use.

Alright, I wrote this while impaired. I’ll eventually schedule it or delete it. I’ll probably proofread it, maybe trying to make it salvageable, and the likes.

Meh… After reading this sober, I’m just gonna submit it as a bonus article. It’s not very good. I just barely proofread it and it wasn’t nearly as good as it seemed while drunk!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 3 Average: 5]

How To: Remove AppArmor From Ubuntu

In today’s article, we’re going to learn how to remove AppArmor from Ubuntu. This will work for other distros, like Debian. It’s actually not a very difficult task to remove AppArmor from Ubuntu, but it’s not something you necessarily want to do. Just because you can, doesn’t mean you should…

As many of you know, I write many of these articles based on the notes I’ve taken over the years. I’m a little reluctant to write this one, because removing AppArmor is probably not the best of choices.

AppArmor is similar to the various jails and application isolation techniques. It’s a security tool that restricts applications to a constrained set of resources. If the application is then compromised, it only has access to that set of resources and not to the whole system.

In other words, unless you know what you’re doing, you almost certainly don’t want to remove AppArmor from Ubuntu. In fact, if you don’t know what you’re doing then doing this is almost certainly a ‘not-bright’ choice.

If you’re going to remove AppArmor, you should consider replacing it with something else. SELinux is an option that’s similar, though I suppose you could use something like Firejail and be prepared to craft your own application profiles.

Again, removing AppArmor from Ubuntu (or whatever distro you’re using that has it) is probably not a good idea. I include the article because the information is already out there and because some folks may just decide to operate their system without such protections. This is Linux, you have the freedom to make bad choices. This isn’t even the first time I’ve shown you how to make bad choices.

Remove AppArmor From Ubuntu:

Like oh so many of these articles, you’re gonna need an open terminal. Just press CTRL + ALT + T and your default terminal should open. (I say that a whole lot on this site.)

We should first check to ensure AppArmor exists and is running. To do so, enter the following command:

What you’re looking for is several lines into the output. You’re looking for ‘apparmor module is loaded‘. If you see that, AppArmor both exists and is running. So, the next step in removing AppArmor is to stop the service. You do that with:

In case AppArmor is somehow installed again, we’ll make sure that it won’t start at boot by disabling the service entirely. That seems like a good idea.

Finally, we nuke AppArmor from existence with a purge command:

And that should do it. You probably want to reboot, just to make sure there are no tendrils sticking around – but stopping the service first should mean you don’t need to. Either way, you have now removed AppArmor from your system – assuming you followed the directions.


Again, and I can’t stress this enough, don’t do this unless you know what you’re doing and unless you have something to replace AppArmor with. It’s really a bad idea and you’ll gain very little. I wouldn’t even do this with a system air-gapped from the network, unless I had a very good reason to do so.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 2 Average: 5]

Change Snap Application Privileges In Lubuntu

In today’s article, we’re going to learn how to change Snap application privileges in Lubuntu. With Ubuntu, it’s a bit more straightforward. In Lubuntu, you have to dig around a little bit. Don’t worry, ‘snot hard – it’s just not all that intuitive. 

Snap applications come with their own privileges. This is useful because sometimes you may want to change them, to enable something that was disabled or to disable something that was enabled. I think it’s sorted now, but at one point you even had to change the permissions to let the Firefox browser access removable media.

In Ubuntu it’s pretty straightforward and there are a ton of tutorials already out there that will help you change Snap application privileges. It’s just one of those things that comes with Snaps, so we’ll cover Lubuntu.

I’ve written about Snap applications before, including sharing how to disable Snaps completely. However, the reality is that they’re going to be a part of the Ubuntu ecosystem for the foreseeable future.

Like them or not, they will be a part of Ubuntu and official Ubuntu flavors. I suspect trying to avoid them will get more difficult. With the new Lubuntu, for example, the Firefox browser will come as a Snap application by default.

So, well, even we folks using Lubuntu must come to grips with Snap applications. This can be a pretty painless process, if you’re armed with some information. That’s what this article is meant to do. This article is meant to teach you how to …

Change Snap Application Privileges In Lubuntu:

This is actually pretty easy, but not necessarily intuitive. Unlike many of my articles, you don’t actually have to start with an open terminal. No, you need to start with “Discover”.

So, crack open your menu, click on System Tools, and then click on Discover. Once you have Discover open, you can use the search or installed option to find the application in question. In this article, I decided to just use Firefox – seeing as we Lubuntu users will be faced with a Snap app Firefox.

When you find the application, you just click on it. It looks like so:

click on Firefox to begin
See? I even started you off with a handy arrow! It’s a recurring theme!

Once you’ve clicked the application, then you just click on the obvious! You just click on “Configure permissions”. That looks like this:

click on permissions to continue
Yup. I gave you another handy arrow – but it should be obvious now.

Finally, you can adjust the individual permissions. That looks like this:

finally, adjust your permissions as needed
There are a bunch of settings you can change. Again, you get a handy arrow!

That’s about it, really. The thing is, you have to use Discover. While the Muon application is able to install applications, it doesn’t deal with Snap applications. Only the Discover application has these menus and it’s the only way (at least graphically, by default) for you to adjust the individual Snap application privileges.

So, while it’s not necessarily intuitive – it’s not dreadfully difficult. You just have to know where to look and then it becomes obvious.


Guess what? As of tomorrow, a day where no article is scheduled, it will have been a full year that this project has been alive. That’s right! I’ve gone the full year without missing  a single publication date! If I can do it, so can’t you! 

So, am I done? No… No, I don’t think so. I still have articles that need to be written, things that need to be said. I’ve had a great deal of fun, though it has been a lot of work. I’ve learned some, you’ve learned some, and I’d say it’s a net benefit to the Linux community – though I suppose I’m a bit biased. (Feel free to agree with me!)

I may take a few days off. I’m not actually sure. I haven’t decided. I have decided that this can’t be the last article, so there’s that. Which is nice… If nothing else, I’ll see you again in a few days. I might enjoy taking a break. Then again, I kinda suck at taking breaks. I truly suck at retirement.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Smash a button!
[Total: 6 Average: 5]
Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.
Zoom to top!