
How to disable SSH in Linux system

2025-01-29 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

This article explains how to disable SSH in the Linux system. The editor thinks it is very practical and is sharing it for you to learn from. I hope you get something out of reading it.

What is SSH?

OpenSSH stands for OpenBSD Secure Shell. Secure Shell (ssh) is a free and open source network tool that lets us securely access remote hosts over an insecure network by using the Secure Shell (SSH) protocol.

It uses a client-server (C/S) architecture and provides user authentication, encryption, file transfer between computers, tunneling, and more.

We can also do this with traditional tools such as telnet or rcp, but none of these tools are secure because they use clear text to transmit passwords when performing any action.

How to allow users to use SSH in Linux?

With the following, we can enable ssh access for a specified user or user list. If you want to allow multiple users, you can separate them with spaces on the same line when adding users.

To achieve this, simply append the following values to the /etc/ssh/sshd_config file. In this example, we will allow the user user3 to use ssh.

# echo "AllowUsers user3" >> /etc/ssh/sshd_config

You can run the following command to check again whether the addition is successful.

# cat /etc/ssh/sshd_config | grep -i allowusers
AllowUsers user3

That's it. Now just restart the ssh service and see the change take effect. (The following two commands have the same effect; choose the one that matches how your services are managed.)

# systemctl restart sshd
or
# service sshd restart

The next step is simply to open a new terminal or session and try to access the Linux system as a different user. Here, user2 is not allowed to log in using SSH and gets the error message shown below.

# ssh user2@192.168.1.4
user2@192.168.1.4's password:
Permission denied, please try again.

Output:

Mar 29 02:00:35 CentOS7 sshd[4900]: User user2 from 192.168.1.6 not allowed because not listed in AllowUsers
Mar 29 02:00:35 CentOS7 sshd[4900]: input_userauth_request: invalid user user2 [preauth]
Mar 29 02:00:40 CentOS7 unix_chkpwd[4902]: password check failed for user (user2)
Mar 29 02:00:40 CentOS7 sshd[4900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.6 user=user2
Mar 29 02:00:43 CentOS7 sshd[4900]: Failed password for invalid user user2 from 192.168.1.6 port 42568 ssh2

At the same time, user user3 is allowed to log in to the system because he is in the list of allowed users.

# ssh user3@192.168.1.4
user3@192.168.1.4's password:
[user3@CentOS7 ~]$

Output:

Mar 29 02:01:13 CentOS7 sshd[4939]: Accepted password for user3 from 192.168.1.6 port 42590 ssh2
Mar 29 02:01:13 CentOS7 sshd[4939]: pam_unix(sshd:session): session opened for user user3 by (uid=0)

How to prevent users from using SSH in Linux?

With the following, we can configure the specified user or user list to disable ssh. If you want to disable multiple users, you can separate them with spaces on the same line when adding users.

To achieve this, simply append the following values to the /etc/ssh/sshd_config file. In this example, we will disable the use of ssh by user user1.

# echo "DenyUsers user1" >> /etc/ssh/sshd_config

You can run the following command to check again whether the addition is successful.

# cat /etc/ssh/sshd_config | grep -i denyusers
DenyUsers user1

That's it. Now just restart the ssh service and see the change take effect.

# systemctl restart sshd
or
# service sshd restart

The next step is simply to open a new terminal or session and try to access the Linux system as the disabled user. Here, user1 is on the disabled list, so when you try to log in you get the error message shown below.

# ssh user1@192.168.1.4
user1@192.168.1.4's password:
Permission denied, please try again.

Output:

Mar 29 01:53:42 CentOS7 sshd[4753]: User user1 from 192.168.1.6 not allowed because listed in DenyUsers
Mar 29 01:53:42 CentOS7 sshd[4753]: input_userauth_request: invalid user user1 [preauth]
Mar 29 01:53:46 CentOS7 unix_chkpwd[4755]: password check failed for user (user1)
Mar 29 01:53:46 CentOS7 sshd[4753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.6 user=user1
Mar 29 01:53:48 CentOS7 sshd[4753]: Failed password for invalid user user1 from 192.168.1.6 port 42522 ssh2
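Added example, not part of the original article: in the excerpts above sshd logs the refused accounts as "invalid user" even though user1 and user2 exist, so this sketch correlates lines by sshd PID to separate policy refusals from account names that do not exist on the host. The function names and the PID 5001 lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Syslog-format sshd lines on
# stdin -> one line per login attempt: PID USER SOURCE CLASS FAILED_PASSWORDS
classify_denials() {
    awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ {
        pid = $5; gsub(/[^0-9]/, "", pid)
        if ($6 == "User" && / not allowed because /) {
            # Existing account rejected by policy; the directive is the last word.
            note(pid, $7, $9, "policy:" $NF)
        } else if ($6 == "Invalid" && $7 == "user") {
            # Account name does not exist on the host.
            note(pid, $8, $10, "unknown-account")
        } else if ($6 == "Failed" && $9 == "invalid") {
            fails[pid]++          # password attempt logged for either kind
        }
    }
    function note(p, u, s, c) {
        if (!(p in cls)) order[++n] = p
        user[p] = u; src[p] = s; cls[p] = c
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            print p, user[p], src[p], cls[p], fails[p] + 0
        }
    }' "$@"
}

# Sample input: PIDs 4900 and 4753 follow the log excerpts above; the
# PID 5001 entry is constructed to show an account that does not exist.
sample_log() {
    cat <<'EOF'
Mar 29 02:00:35 CentOS7 sshd[4900]: User user2 from 192.168.1.6 not allowed because not listed in AllowUsers
Mar 29 02:00:35 CentOS7 sshd[4900]: input_userauth_request: invalid user user2 [preauth]
Mar 29 02:00:43 CentOS7 sshd[4900]: Failed password for invalid user user2 from 192.168.1.6 port 42568 ssh2
Mar 29 01:53:42 CentOS7 sshd[4753]: User user1 from 192.168.1.6 not allowed because listed in DenyUsers
Mar 29 01:53:48 CentOS7 sshd[4753]: Failed password for invalid user user1 from 192.168.1.6 port 42522 ssh2
Mar 29 03:00:01 CentOS7 sshd[5001]: Invalid user nosuchuser from 192.168.1.6 port 42800
Mar 29 03:00:05 CentOS7 sshd[5001]: Failed password for invalid user nosuchuser from 192.168.1.6 port 42800 ssh2
EOF
}

sample_log | classify_denials
```

On a real host the function can read the authentication log directly by passing the file path as its argument.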

How do I allow user groups to use SSH in Linux?

We can allow a specified group or groups to use ssh with the following.

If you want to allow multiple groups to use ssh, you need to separate them with spaces on the same line when adding user groups.

To achieve this, simply append the following values to the /etc/ssh/sshd_config file. In this example, we will allow the 2g-admin group to use ssh.

# echo "AllowGroups 2g-admin" >> /etc/ssh/sshd_config

You can run the following command to check again whether the addition is successful.

# cat /etc/ssh/sshd_config | grep -i allowgroups
AllowGroups 2g-admin

Run the following command to see which users belong to this user group.

# getent group 2g-admin
2g-admin:x:1005:user1,user2,user3

That's it. Now just restart the ssh service and see the change take effect.

# systemctl restart sshd
or
# service sshd restart

Yes, user1 is allowed to log in to the system because user user1 belongs to the 2g-admin group.

# ssh user1@192.168.1.4
user1@192.168.1.4's password:
[user1@CentOS7 ~]$

Output:

Mar 29 02:10:21 CentOS7 sshd[5165]: Accepted password for user1 from 192.168.1.6 port 42640 ssh2
Mar 29 02:10:22 CentOS7 sshd[5165]: pam_unix(sshd:session): session opened for user user1 by (uid=0)

Yes, user2 is allowed to log in to the system because user user2 also belongs to the 2g-admin group.

# ssh user2@192.168.1.4
user2@192.168.1.4's password:
[user2@CentOS7 ~]$

Output:

Mar 29 02:10:38 CentOS7 sshd[5225]: Accepted password for user2 from 192.168.1.6 port 42642 ssh2
Mar 29 02:10:38 CentOS7 sshd[5225]: pam_unix(sshd:session): session opened for user user2 by (uid=0)

When you try to log in to the system using other users who are not in the allowed group, you will get the error message shown below.

# ssh ladmin@192.168.1.4
ladmin@192.168.1.4's password:
Permission denied, please try again.

Output:

Mar 29 02:12:36 CentOS7 sshd[5306]: User ladmin from 192.168.1.6 not allowed because none of user's groups are listed in AllowGroups
Mar 29 02:12:36 CentOS7 sshd[5306]: input_userauth_request: invalid user ladmin [preauth]
Mar 29 02:12:56 CentOS7 unix_chkpwd[5310]: password check failed for user (ladmin)
Mar 29 02:12:56 CentOS7 sshd[5306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.6 user=ladmin
Mar 29 02:12:58 CentOS7 sshd[5306]: Failed password for invalid user ladmin from 192.168.1.6 port 42674 ssh2

How do I prevent user groups from using SSH in Linux?

With the following, we can disable the use of ssh for a specified group or groups.

If you want to disable the use of ssh for multiple user groups, you need to separate them with spaces on the same line when adding user groups.

To achieve this, simply append the following values to the /etc/ssh/sshd_config file.

# echo "DenyGroups 2g-admin" >> /etc/ssh/sshd_config

You can run the following command to check again whether the addition is successful.

# cat /etc/ssh/sshd_config | grep -i denygroups
DenyGroups 2g-admin
# getent group 2g-admin
2g-admin:x:1005:user1,user2,user3

That's it. Now just restart the ssh service and see the change take effect.

# systemctl restart sshd
or
# service sshd restart

Yes, user1 is not allowed to log into the system because he is a member of the 2g-admin user group. He belongs to the group where ssh is disabled.

# ssh user1@192.168.1.4
user1@192.168.1.4's password:
Permission denied, please try again.

Output:

Mar 29 02:17:32 CentOS7 sshd[5400]: User user1 from 192.168.1.6 not allowed because a group is listed in DenyGroups
Mar 29 02:17:32 CentOS7 sshd[5400]: input_userauth_request: invalid user user1 [preauth]
Mar 29 02:17:38 CentOS7 unix_chkpwd[5402]: password check failed for user (user1)
Mar 29 02:17:38 CentOS7 sshd[5400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.6 user=user1
Mar 29 02:17:41 CentOS7 sshd[5400]: Failed password for invalid user user1 from 192.168.1.6 port 42710 ssh2

All users except members of the 2g-admin user group can log in to the system using ssh. For example, users such as ladmin are allowed to log in to the system.

# ssh ladmin@192.168.1.4
ladmin@192.168.1.4's password:
[ladmin@CentOS7 ~]$

Output:

Mar 29 02:19:13 CentOS7 sshd[5432]: Accepted password for ladmin from 192.168.1.6 port 42716 ssh2
Mar 29 02:19:13 CentOS7 sshd[5432]: pam_unix(sshd:session): session opened for user ladmin by (uid=0)

via: https://www.2daygeek.com/allow-deny-enable-disable-ssh-access-user-group-in-linux/
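Added example, not part of the original article: sshd checks DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups, and a login must pass every list that is set. The sketch below models that order for plain name patterns and applies it to a constructed file holding all four lines appended in this article; the function names and the assumption that each user also has a primary group of the same name are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article). Simplified model of sshd's
# check order: DenyUsers, AllowUsers, DenyGroups, AllowGroups. Handles plain
# names with * and ? wildcards only (no USER@HOST, no "!", no Match blocks).

# directive_values FILE KEYWORD: print every value set for KEYWORD.
directive_values() {
    awk -v kw="$2" 'tolower($1) == tolower(kw) {
        for (i = 2; i <= NF; i++) printf "%s ", $i }' "$1"
}

# in_list NAME PATTERN...: succeed if NAME matches any pattern.
in_list() (
    name=$1; shift
    for pat in "$@"; do
        case $name in $pat) exit 0 ;; esac
    done
    exit 1
)

# any_in_list "GROUP GROUP..." PATTERN...: succeed if any group matches.
any_in_list() (
    groups=$1; shift
    for g in $groups; do in_list "$g" "$@" && exit 0; done
    exit 1
)

# ssh_access FILE USER "GROUPS": print "allowed" or the denial reason sshd logs.
ssh_access() (
    set -f    # treat patterns as text here, not as file globs
    du=$(directive_values "$1" DenyUsers);  au=$(directive_values "$1" AllowUsers)
    dg=$(directive_values "$1" DenyGroups); ag=$(directive_values "$1" AllowGroups)
    if   [ -n "$du" ] && in_list "$2" $du;       then echo "listed in DenyUsers"
    elif [ -n "$au" ] && ! in_list "$2" $au;     then echo "not listed in AllowUsers"
    elif [ -n "$dg" ] && any_in_list "$3" $dg;   then echo "a group is listed in DenyGroups"
    elif [ -n "$ag" ] && ! any_in_list "$3" $ag; then echo "none of user's groups are listed in AllowGroups"
    else echo "allowed"
    fi
)

# Constructed case: all four lines the article appends, left in one file.
cfg=$(mktemp)
printf '%s\n' 'AllowUsers user3' 'DenyUsers user1' \
    'AllowGroups 2g-admin' 'DenyGroups 2g-admin' > "$cfg"
for u in user1 user2 user3; do
    echo "$u: $(ssh_access "$cfg" "$u" "$u 2g-admin")"
done
echo "ladmin: $(ssh_access "$cfg" ladmin ladmin)"
rm -f "$cfg"
```

Every account in the constructed file is refused, which is the result when the lines appended in the earlier sections are still present as the next one is added.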

The above is how to disable SSH in the Linux system. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.
