Disable SSH for non root users

ssh remote-access

Everyone is doing this the hard way.. he said deny for all non-root users.. so just edit

/etc/ssh/sshd_config

Add the following

AllowGroups wheel root

Then restart ssh

Anyone in the wheel or root group will be allowed to ssh in


Several possibilities:

  • /bin/false as login shell for the normal users in /etc/passwd
  • Add only root to AllowUsers in /etc/ssh/sshd_config

Can use PAM as well: cp /etc/security/access.conf /etc/security/sshd.conf
echo "+ : root : ALL" >> /etc/security/sshd.conf
echo "- : ALL : ALL" >> /etc/security/sshd.conf

Then modify /etc/pam.d/sshd to add the following line after the other accounts:
account required pam_access.so accessfile=/etc/security/sshd.conf

This will also allow you to restrict by network if you decide to do so in the future.

Related

How to send the current working directory as an argument in windows?
Scritp to wait for few seconds before executing next line
How to manually run Windows Update for Windows 2003?
Is Internet routing (BGP) fully automated?
For tripwire, how would I have the report e-mailed only when a violation is found
Access files outside a chroot'ed environment?
ARP packets never routed?
cannot unset env variables from script
Password policy vs password never expires question
What's new in Puppet since 2007?
SQL Server tempdb size seems large, is this normal?
Accidentally ran chmod 775 -R / (not ./) on linux server (RedHat)