Saturday, May 14, 2016

ssh - SSHd restriction per user basis



I need to restrict certain user(s) so that they can only SSH in using SSH keys, while other users can log in using a key or a password.

An example:

I'd like the root user to be able to log in remotely (through sshd) using a key only, so no password would be accepted (even if the password is right),

and for other users (everyone else on the system) to be able to log in using a key and/or a password.

How would I do that?


Answer



What I would do is to set /etc/sshd/sshd_config such that:



PermitRootLogin without-password



just for extra security and to avoid having the root password locked (it would only allow root to log in using a key).

I would use AllowGroups instead of AllowUser, as for me it would be more convenient to add users to a group rather than to sshd_config, but that could depend on your personal preferences.
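An sshd_config fragment for the setup discussed above, added here as an example and not part of the original answer. The group names `sshusers` and `keyonly` are hypothetical; the `Match` block is one way to cover the "certain user(s)" case for accounts other than root.

```conf
# Added example; group names "sshusers" and "keyonly" are hypothetical.

# Defaults for everyone: key or password both accepted.
PubkeyAuthentication yes
PasswordAuthentication yes

# root may log in with a key only; a correct password is still rejected.
# OpenSSH 7.0 and later also accept the name "prohibit-password" for
# this same setting.
PermitRootLogin without-password

# Only members of this group may log in over SSH at all.
# AllowGroups applies to root as well: if root must be able to log in,
# root has to be a member of an allowed group.
AllowGroups sshusers

# Key-only login for selected non-root accounts: add them to "keyonly".
# Match blocks must come after the global settings; a Match block runs
# until the next Match line or the end of the file.
Match Group keyonly
    PasswordAuthentication no
    # Also close the keyboard-interactive path, which can otherwise
    # accept a password through PAM.
    KbdInteractiveAuthentication no
```

Run `sshd -t` to check the syntax before reloading the daemon, and keep an existing session open while testing so that a mistake does not lock you out.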

