beta.blog

Ubuntu: Disable SSH for certain users

by on Jul.24, 2010, under Linux (Ubuntu)

Recently I installed a game on my server, and as it’s important for me to eliminate all potential security holes, I also tried to disable SSH access for limited user accounts. For game servers in particular, it’s very important not to run the server with root privileges, because if someone found a way to hack the system, the hacker would automatically get full root access to the system, which would get you into serious trouble.

OK, but how do you disable SSH and similar services (like Telnet etc.)?
Well, first of all, create a new standard user account. If it’s not an administrator account, it won’t be able to access other users’ files. After the account has been created, log in via SSH (for the last time); after you’ve successfully logged in, you’ll be in your home directory.


New method: This method was posted by _Andrey_ (thanks!):

1. Edit the file /etc/ssh/sshd_config:

vim /etc/ssh/sshd_config

2. Add an AllowUsers instruction to grant SSH access for the user allowed_user:

AllowUsers allowed_user

You may also limit access to a user connecting from a certain IP:

AllowUsers root@192.168.1.32 allowed_user
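
Once an AllowUsers line exists, sshd only accepts logins for user names that match one of its patterns, so it is worth checking which accounts a config still admits before relying on it. The script below is an added example, not part of the original post or of _Andrey_'s comment; the account name gameserver, the 10.0.0.5 address and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: approximate audit of AllowUsers lines in an sshd_config file.
# Handles plain names, * and ? wildcards and the USER@HOST form. Not handled:
# negated (!) patterns, CIDR hosts, keyword=value syntax, Match blocks, Include
# and DenyUsers/AllowGroups. `sshd -T` reports what sshd itself will apply.

# ssh_user_allowed CONFIG USER HOST -> status 0 if allowed, 1 if denied
ssh_user_allowed() (
    config=$1 user=$2 host=$3
    seen=0
    set -f    # keep * and ? in patterns from expanding to file names
    while read -r keyword rest || [ -n "$keyword" ]; do
        # sshd keywords are case-insensitive
        [ "$(printf '%s' "$keyword" | tr '[:upper:]' '[:lower:]')" = allowusers ] || continue
        seen=1
        for pat in $rest; do
            case $pat in
                *@*) upat=${pat%@*} hpat=${pat##*@} ;;
                *)   upat=$pat hpat='*' ;;
            esac
            # unquoted variables in a case pattern are matched as globs
            case $user in $upat) ;; *) continue ;; esac
            case $host in $hpat) exit 0 ;; esac
        done
    done < "$config"
    # no AllowUsers line anywhere: the directive restricts nobody
    [ "$seen" -eq 0 ]
)

# Constructed sample: the article's second AllowUsers line
sample=$(mktemp)
printf '%s\n' 'Port 22' 'AllowUsers root@192.168.1.32 allowed_user' > "$sample"
# gameserver is a hypothetical limited account; the addresses are made up
for probe in root@192.168.1.32 root@10.0.0.5 allowed_user@10.0.0.5 gameserver@10.0.0.5; do
    if ssh_user_allowed "$sample" "${probe%@*}" "${probe#*@}"; then
        echo "$probe: allowed"
    else
        echo "$probe: denied"
    fi
done
rm -f "$sample"
```

sshd reads its configuration only when it starts or reloads, so an edited file has no effect until then; `sshd -t` checks the file for syntax errors first.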


Old method:

In your home directory you’ll find a file called .bash_login. This file is executed whenever this user logs in successfully. Open it with vi by typing the following command:

vi .bash_login

and delete all lines until the file is completely empty. Then insert the following code:

#!/bin/bash
echo "Interactive logins are not permitted on this account."
exit

After doing so, press CTRL+ZZ to save and close the file. The next time you log in via SSH, you’ll receive an error message and will be unable to connect via this user account.

Now make sure that no one else can edit that file, while leaving it readable for the account (bash skips a login file it cannot read):

chmod 644 .bash_login

And change the ownership to root:

chown root:root .bash_login

To be honest, I do not think this is an excellent way of disabling SSH, as it is rather a sort of blocking. I’m sure there are ways to bypass this trick, but for now I won’t describe further ways of achieving this goal.

