Disallow SSH Login For A Specific User

In today’s article, we’re going to learn how to disallow SSH login for a specific user. The reasons you might want to do this should be obvious, so that’ll save some time! Read on to learn how!

I’ve covered SSH in many articles. If you search for “SSH”, you’ll find a bunch of articles covering the subject. I’m not sure why there are so many, but there are. I seem to have a lot of notes on the subject. 

Here, this link will help you search for SSH articles.

SSH is “Secure Shell”, a method to login to remote computers so that you can manage them without being their physically. It’s used by systems administrators regularly, without ever needing a GUI to manage their Linux systems.

It’s also used by people like me, too lazy to walk to the other side of the room. I’m literally using SSH to manage stuff on my laptop from here on this desktop as I write this. On top of that, while not logged in right now, I was using SSH to manage a VPS earlier today.

So, SSH isn’t just for professional system administrators and, if you use SSH at home, you might as well know how to secure it. This article will help you secure your system – by learning how to disallow SSH login for a specific user.

Disallow SSH Login For A Specific User:

This article requires an open terminal on (and connection to) the computer you wish to change. That may require you to login to that computer remotely. If you’re on a local device and you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open. Otherwise, SSH into it like a boss.

With your terminal/connection now open, enter the following command:

Find a place to make a new line and enter the following with some care:

Now, this one is a bit picky. Obviously, you substitute <username> with the real name – but in between “DenyUsers” and the username you absolutely MUST press the TAB key. If you try to just use spaces, it will not work! You MUST use the TAB key which will appear to insert spaces for you!

Assuming you’ve done everything correctly, you’ll need to restart SSH for the changes to take effect. You can do that with this command:

If you were logged into a remote system to make the changes on that system, the above command is gonna log you out and you’ll need to login again. You knew that, but I figure I’ll mention it.

Hmm… If you’re a barbarian that doesn’t use systemd, try this:

When SSH restarts, the prohibited user will get a “Permission Denied” message when they try to login. Ha! That’ll teach Jerry in accounting from thinking he’s a system admin!

Closure:

Whelp… You have another article. This one has shown you how to disable SSH login for a specific user (Jerry in accounting, who had no business accessing the server anyhow). You’re welcome!

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Check Your SSH Server Configuration

Today, I’m going to show you how to check your SSH server configuration. It’s a simple process, but not one many people seem to know about. It’s also a pretty handy tool if you’re having SSH issues. Once again, this one isn’t all that complicated, I think… Read on!

So, why would you want to check your SSH server configuration?

Your SSH server might not be working. You may have made some changes and want to test it before moving it to production. An upgrade to the SSH application may have made some of the options different or even removed the options entirely.

There are all sorts of reasons why you’d want to check your SSH server configuration. Those are just a few of them. Not only will the article show you how to check your SSH configuration files – it’ll show you how to test alternative configurations. So, you can test your changes before making them – potentially saving you a physical trip to the server.

Check Your SSH Server Configuration:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

By the way, I would test/learn this on a local system. You’re potentially going to break things. In fact, let’s start by breaking them! Well, let’s create a backup first, and then we’ll break stuff.

Okay. Now let’s break something! Run this command:

Find a line that has a command and doesn’t start with a #. You can also remove the # from an option and it’ll be work. Find a one line option that has a “no” option field and change it to “oh_no” *sans quotes, though that probably won’t matter) and then save the file. 

(Also, to save the file in nano, press CTRL + X, then Y, and then ENTER and that should do it.)

Now, let’s check that SSH server configuration with the following command:

If things go according to plan, it will tell you that you have an error. On top of that, it will tell you on which line you have the error. If it doesn’t throw an error, it means your configuration is fine – or that you may need to restart your SSH service for it to see the new configuration.

If you do somehow need to restart SSH server (you shouldn’t have to), restart it with the following command:

Run the command again and that should definitely show the error, which you can easily fix by simply undoing what you did in the steps above and saving it. You almost certainly shouldn’t need to restart SSH to show the error, though you may want to restart it after you’re done playing around in the config file. Of course, if you did have to restart the SSH server, you’ll need to do so again after fixing the error you intentionally introduced.

BONUS: If you want, you can list the path and check a configuration file that’s not actually in use. So, you can check the configuration file before putting it into production. That’s just:

Again, under normal circumstances, it won’t show any output if it finds no errors. It only outputs information if there’s actually an error. So, a null response is considered normal and good.

Closure:

See? Nice and easy. Now you can check your SSH server configuration for errors – even doing so before putting the config into production. It’s a pretty handy tool to have. Also, you’ll need SSH installed and running on the machine you’ll be testing with. I figure that’s obvious, but I better mention it somewhere or someone will point it out or ask about it. Then again, people seldom read this far down in an article.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

How To: Transfer Files Over SSH with SCP

In this article, you will learn how to transfer files over SSH by using ‘scp’. If you need to transfer files over a network, this is one way to do so. There are numerous other options to transfer files over a network, and this is just one of them. Feel free to leave a comment sharing other ways you use to transfer files over SSH.

We have had quite a number of articles about SSH. It stands for “Secure Shell” and you can click to find a collection of SSH articles. If you’re entirely new to SSH, you’d probably enjoy learning how to install/enable SSH. As mentioned, there have been a bunch of articles covering this subject.

Today, we’ll be using ‘scp’, which defines itself as:

OpenSSH secure file copy

It shares quite a bit of similarity with the ‘cp’ command, a command we oddly haven’t covered yet. That’s not too important. We’ll eventually get to that article and maybe remember to link back to this one. What’s important to know is that it shares some similar features and syntax.

So, today we’re going to use ‘scp’ to transfer files over SSH, over a network. It’s a pretty good skill to know, as copying files is probably the 2nd most frequently used feature over SSH, with device management being first. At least it’d be 2nd most for me, I’m not sure what you all do with it.

Transfer Files Over SSH with scp:

This article requires an open terminal, like many other articles on this site. If you don’t know how to open the terminal, you can do so with your keyboard – just press CTRL + ALT + T and your default terminal should open.

You’re also going to need a device you can SSH into, and I can’t really help you with that. You can always install OpenSSH on your desktop and practice by using SSH over localhost. 

Now, with your terminal open, it’s time to transfer a file. The very most basic command to copy a file to the remote server would be:

You can also copy multiple files to the remote server:

You can copy all files from the directory you’re in (on the local device) easily enough. It’s just our beloved asterisk.

If you want to copy the files from the folder in AND the files from the folders in that directory (recursively), then the command just requires a -r flag.

You can actually go the other direction. If you want to transfer remote files to your local device, then you’d be looking at this command:

From that, you can use the above commands, extrapolate if you will, for ways to transfer the file to your local device from the remote device. It’s not terribly difficult, and ‘scp’ is something everyone should know if they’re working with remote computers on a regular basis.

By the way, setting up SSH on your computer isn’t a bad idea. Sometimes a malfunctioning computer can be accessed via SSH when nothing else will work. I have SSH installed (and secured) on pretty much every computer in the house.

Closure:

See? Now you know how to use ‘scp’ to copy files over a network via SSH. It’s a pretty awesome skill to have and one you may need until the end of time, or at least as long as Linux lasts as an operating system – which should be quite a long time. So, it’s in your best interests to learn how to use ‘scp’ with at least a basic level of skill.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.

Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.