This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open Desktop or Openserver.

There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

TCP/IP and NFS FAQ

How can I restrict who can login with ssh?

We often have systems that have run for years with no connection to the outside world, and now suddenly an Internet connection is added and ssh access is set up. Unfortunately, many users have weak or even blank passwords.

If only some users need to use ssh, it's best to set up new users with strong passwords and restrict ssh to only those users.


Hate these ads?


You do this by adding a line like this to /etc/ssh/sshd_config



 AllowUsers      doug essex 


 


Restart sshd after making this change (you can even do that if you are currently logged in over ssh). Only those users will be allowd ssh access.

Dave DiPietro noted: SCO versions may put the sshd configuration file at /usr/local/etc/sshd_config.

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them.

I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.




Comments









Thu Jan 1 00:00:00 1970:  






Thu Jan 1 00:00:00 1970:  






Fri Sep 26 09:30:53 2008: Subject:   JW


Just what I needed and works great, thanks!



Sun Mar 8 22:22:12 2009: Subject:   anonymous


Can I put the list of valid users into an external file, then have sshd_config source that file?




Sun Mar 8 23:33:22 2009: Subject:   TonyLawrence

gravatar
I'm not aware of any version that has inclusion features - it certainly would be a good idea. ALL config files should do that..

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar


cartoon

/SCOFAQ/FAQ_sshdusers.html copyright 1997-2003 (various) All Rights Reserved

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here


book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!





More:
       - FAQ
       - SSH











Change Congress