Ubuntu: Disable SSH for certain users

by on Jul.24, 2010, under Linux (Ubuntu)

Recently I installed a game on my server, and as it’s important for me to eliminate all potentional security holes, I also tried to disable SSH access for limited user accounts. Especially for gameservers it’s very important, to not run the server with root privileges, because if someone would find a way to hack the system, the hacker would automatically get full root access to the system, which would get you into serious trouble.

Ok, but how to disable SSH and similar services (like Telnet etc.) ?
Well, first of all create a new standard user account. If it’s not an administrator account, it won’t be able to access other users files. After the account has been created, login via SSH (for the last time) and after you’ve successfully logged in, you’ll be in your home directory.

New method: This method was posted by _Andrey_ (thanks!):

1. Edit the file /etc/ssh/sshd_config:

vim /etc/ssh/sshd_config

2. Add an AllowUsers instruction to grant SSH access for the user allowed_user:

AllowUsers allowed_user

You may also limit access to a user connecting from a certain IP:

AllowUsers root@ allowed_user

Old method:

In your home directory you’ll find a file called .bash_login . This file is executed, whenever this user logs in successfully. So open it with vim by typing the following command :

vi .bash_login

and delete all lines, until you’ve a completely empty file. Then insert the following code :

echo "Interactive logins are not permitted on this account."

After doing so, press CTRL+ZZ in order to save and close the file. When logging in via SSH for the next time, you’ll receive an error message and will be unable to connect via this user account.

Now make sure that no one else can edit that file:

chmod 600 .bash_login

And change the ownership to root:

chown root:root .bash_login

To be honest, I do not think this is an excellent way of disabling SSH, as it rather is a sort of blocking it. I’m sure there are ways to bypass this trick, but for now I won’t describe further ways of archieving this goal.

2 Comments for this entry

Leave a Reply


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!