# # (SCO Unix) How can I restrict who can login with ssh?
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

How can I restrict who can login with ssh? (SCO Unix)

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2003 (various)

We often have systems that have run for years with no connection to the outside world, and now suddenly an Internet connection is added and ssh access is set up. Unfortunately, many users have weak or even blank passwords.

If only some users need to use ssh, it's best to set up new users with strong passwords and restrict ssh to only those users.

You do this by adding a line like this to /etc/ssh/sshd_config

 AllowUsers      doug essex 
 

Restart sshd after making this change (you can even do that if you are currently logged in over ssh). Only those users will be allowd ssh access.

Dave DiPietro noted: SCO versions may put the sshd configuration file at /usr/local/etc/sshd_config.

If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> (SCO Unix) How can I restrict who can login with ssh?

6 comments


Inexpensive and informative Apple related e-books:

Take Control of IOS 11

Photos for Mac: A Take Control Crash Course

Digital Sharing Crash Course

Take Control of iCloud, Fifth Edition

Take Control of Upgrading to El Capitan











Fri Sep 26 09:30:53 2008: 4606   JW


Just what I needed and works great, thanks!



Sun Mar 8 22:22:12 2009: 5633   anonymous

gravatar
Can I put the list of valid users into an external file, then have sshd_config source that file?






Sun Mar 8 23:33:22 2009: 5634   TonyLawrence

gravatar
I'm not aware of any version that has inclusion features - it certainly would be a good idea. ALL config files should do that..



Tue Jul 7 07:57:34 2009: 6617   anonymous

gravatar
Really Gud But I have one doubt about this.
Can we add this parameter to any where in to this file /etc/ssh/sshd_config or
do we have any specific line to add this entry.
Please let us know.



Tue Jul 7 10:24:51 2009: 6618   TonyLawrence

gravatar
You can put the line anywhere. Usually you'd put it down with other login related lines just for neatness.



Sun Jun 27 12:28:26 2010: 8748   anonymous

gravatar


For production systems, remove every user. Maintenance should be done by dialogs. This reduces human error. Ofcourse the dialogs must be developed on a test system. We made segregation of duty work and all without shell access. If systems fail you can finally, start a shell via a dialog or log on with root on the console.
There must be more tools, but we used FJD (FastJournaledDialog.nl).

Greetings Freddy




------------------------


Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





A man can be destroyed but not defeated. (Ernest Hemingway)




Linux posts

Troubleshooting posts


This post tagged:

FAQ

Networking

SSH

Security



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode