Shulou(Shulou.com)06/02 Report--

When using a CentOS7 system, there are usually multiple users or user groups, each with different permissions. For security reasons, some users on the system are sometimes prohibited from using ssh terminals to log in to the server.

Taking the practical operation of RAKsmart VPS as an example, this paper briefly talks about the method that CentOS7 forbids a system user or group of users to log in through SSH.

You can view all users or user groups on the system with the following command.

View user: cut-d:-f 1 / etc/passwd

View user groups: cut-d:-f 1 / etc/group

First, disable individual user login

Here, take disabling idcspy users as an example, the specific steps are as follows:

Open the configuration file / etc/ssh/sshd_config

Vi / etc/ssh/sshd_config

Add the following at the end of the file:

DenyUsers idcspy

Save the file and exit, restart the SSH feature service, so that you can disable idcspy users from logging in through the SSH command.

Service sshd restart

Disable multiple user logins

If you need to disable multiple system accounts to log in to the server using the SSH command, simply append the system account name to the end of the DenyUsers line and separate it with a space. If you disable idcspy, www and nobody, simply use the following command:

DenyUsers idcspy www nobody

III. Disable user groups

You can also use this method to prevent user groups from logging in to the server through the SSH command, such as disabling user groups group1 and group2, as follows

DenyGroups group1 group2

Note: after modifying the configuration file, the SSH service must be restarted for it to take effect. If you don't understand, you can visit the American mainframe detective.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.