Gentoo Wiki Archives

OpenSSH/Limit_logins



Purpose

To prevent (read: make more difficult) brute-force attacks against an SSH server exposed to the internet, you can limit which login(s) can be used to log in over the SSH protocol.

Limiting through pam

1. Edit the file /etc/pam.d/sshd and add the following line as the first line:

File: /etc/pam.d/sshd
auth required pam_listfile.so sense=allow item=user file=/etc/ssh/ssh_allow_users onerr=fail

2. Create a new file /etc/ssh/ssh_allow_users containing the user ID that is allowed to log in over SSH. You may put multiple user IDs in this file, one per line, for example:

File: /etc/ssh/ssh_allow_users
jihe
lucy
other_user

3. Run /sbin/service sshd restart to restart sshd.
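
A pre-flight check for the PAM setup above, as an added example that is not part of the original wiki page: because the rule uses onerr=fail, a missing or world-writable list file (which pam_listfile refuses to use) denies every login. The function name check_allowlist and its optional third argument (a passwd-format file, useful for testing) are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight check for the pam_listfile allow-list.
# Usage: check_allowlist PAM_FILE ALLOW_FILE [PASSWD_FILE]
# Returns 0 if consistent, 1 otherwise; each problem is reported on stderr.
check_allowlist() {
    pam_file=$1; allow_file=$2; passwd_file=${3:-/etc/passwd}
    rc=0; count=0

    # Step 1: the rule must be the first active line of the PAM file.
    first=$(grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$pam_file" | head -n 1)
    case $first in
        auth*required*pam_listfile.so*"file=$allow_file"*) ;;
        *) echo "pam_listfile rule for $allow_file is not first in $pam_file" >&2; rc=1 ;;
    esac

    # onerr=fail turns any problem reading the list into a denied login.
    if [ ! -f "$allow_file" ] || [ ! -r "$allow_file" ]; then
        echo "$allow_file is missing, unreadable or not a regular file" >&2
        return 1
    fi
    # pam_listfile refuses a world-writable list file.
    if [ -n "$(find "$allow_file" -prune -perm -0002)" ]; then
        echo "$allow_file is world-writable" >&2; rc=1
    fi

    # Step 2: every listed login should be a real account.
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        count=$((count + 1))
        if ! awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$passwd_file"; then
            echo "listed user '$user' has no account in $passwd_file" >&2; rc=1
        fi
    done < "$allow_file"

    if [ "$count" -eq 0 ]; then
        echo "$allow_file lists no users: nobody could log in" >&2; rc=1
    fi
    return "$rc"
}

# Run against real files when paths are given on the command line.
if [ "$#" -ge 2 ]; then check_allowlist "$@"; fi
```

Run it as root with /etc/pam.d/sshd and /etc/ssh/ssh_allow_users as arguments before step 3, and keep an existing SSH session open until a fresh login has been confirmed.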

Limiting through user groups

A simpler approach to limiting SSH access is to add a line to the sshd config file that allows only specific groups to log in through SSH:

File: /etc/ssh/sshd_config
AllowGroups sshusers

Then create the group you specified if it doesn't already exist, and add to it the users you wish to grant SSH access. Any account that is not in the group will not be permitted to log in.

Retrieved from "http://www.gentoo-wiki.info/OpenSSH/Limit_logins"

Last modified: Thu, 28 Aug 2008 15:39:00 +1000 Hits: 8,059
