Ubuntu: Disable SSH for certain users
by admin on Jul.24, 2010, under Linux (Ubuntu)
Recently I installed a game on my server, and as it’s important for me to eliminate all potential security holes, I also tried to disable SSH access for limited user accounts. For game servers especially, it’s very important not to run the server with root privileges, because if someone found a way to hack the system, the attacker would automatically get full root access to the system, which would get you into serious trouble.
OK, but how do you disable SSH and similar services (like Telnet etc.)?
Well, first of all, create a new standard user account. If it’s not an administrator account, it won’t be able to access other users’ files. After the account has been created, log in via SSH (for the last time); after you’ve successfully logged in, you’ll be in your home directory.
—
New method: This method was posted by _Andrey_ (thanks!):
1. Edit the file /etc/ssh/sshd_config:
vim /etc/ssh/sshd_config
2. Add an AllowUsers instruction to grant SSH access for the user allowed_user:
AllowUsers allowed_user
You may also limit access to a user connecting from a certain IP:
AllowUsers root@192.168.1.32 allowed_user
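Added example, not part of the original post or of _Andrey_'s comment: a shell helper that applies the AllowUsers line without locking you out. Because AllowUsers is an allowlist, every account not named on it loses SSH access, and a directive placed after a Match line only applies inside that block, so the helper checks the list and inserts the line before the first Match. The function name set_allow_users and the account name admin are assumptions; allowed_user is the name used above.

```shell
#!/bin/sh
# Hypothetical helper (added example, not from the post).
# Usage: set_allow_users <sshd_config> <account that must keep access> <pattern>...
set_allow_users() {
    cfg=$1; keep=$2; shift 2

    # Lockout guard: the account you administer the box with must be listed,
    # either as "name" or as "name@host". Wildcard patterns are not evaluated.
    found=no
    for p in "$@"; do
        case $p in "$keep"|"$keep"@*) found=yes ;; esac
    done
    [ "$found" = yes ] || { echo "refusing: $keep would be locked out" >&2; return 1; }

    cp -p "$cfg" "$cfg.bak" || return 1      # keep a copy to roll back to
    tmp=$(mktemp) || return 1

    # Drop existing global AllowUsers lines (keywords are case-insensitive),
    # then write the new line before the first Match block, or at the end
    # of the file if there is no Match block. Lines inside Match are kept.
    awk -v line="AllowUsers $*" '
        tolower($1) == "match" && !in_match {
            if (!placed) { print line; placed = 1 }
            in_match = 1
        }
        !in_match && tolower($1) == "allowusers" { next }
        { print }
        END { if (!placed) print line }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so the owner and mode of the config file are kept.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Demo on a constructed config file (not a real server file).
demo=$(mktemp)
printf '%s\n' 'Port 22' 'Match User backup' '    X11Forwarding no' > "$demo"
set_allow_users "$demo" admin admin allowed_user && cat "$demo"
rm -f "$demo" "$demo.bak"
```

On a real system, run it against /etc/ssh/sshd_config as root, check the result with `sshd -t`, reload the service (`service ssh reload` on Ubuntu), and keep your current session open until a second login has succeeded.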
—
Old method:
In your home directory you’ll find a file called .bash_login. This file is executed whenever this user logs in successfully. Open it with vim by typing the following command:
vi .bash_login
and delete all lines until the file is completely empty. Then insert the following code:
#!/bin/bash
echo "Interactive logins are not permitted on this account."
exit
After doing so, press CTRL+ZZ in order to save and close the file. The next time you log in via SSH, you’ll receive an error message and will be unable to connect via this user account.
Now make sure that no one else can edit that file:
chmod 600 .bash_login
And change the ownership to root:
chown root:root .bash_login
To be honest, I do not think this is an excellent way of disabling SSH, as it is rather a sort of blocking it. I’m sure there are ways to bypass this trick, but for now I won’t describe further ways of achieving this goal.
February 4th, 2012 on 00:24
You can use the directive AllowUsers allowed_user_name in /etc/ssh/sshd_config