Simple SSH account blocking, FreeBSD

Read the man page! There you’ll find that it’s performed in /etc/ssh/sshd_config by a troup of four directives:

DenyUsers
AllowUsers
DenyGroups
AllowGroups

In that order.

Say you’ve got group users with users jack, off, and jill, and group assholes with jack and jill.

If you want only jill to be able to login, you could specify:

AllowUsers jill

or

AllowUsers jill
AllowGroups assholes

and both of these wouldn’t allow (sic!) jack in!

If you wanted all the users of group assholes to be authorized, you’d put:

AllowUsers *
AllowGroups assholes

in the file. With only the second line, you’d lock everybody out (like I just did with my remote machine… oops!).

After you’re done, restart the server with

sudo /etc/rc.d/sshd restart

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: