To allow or block SSH access to a server, we can use a firewall (iptables or AWS Security Groups).
But sometimes the restriction has to apply only to specific users. Below is an example that restricts a group of users to SSH logins from certain IPs.
1. Create a group:
groupadd limitgroup
usermod -a -G limitgroup limituser
2. Configure sshd - /etc/pam.d/sshd
account required pam_access.so
3. Configure rules - /etc/security/access.conf
-: limitgroup:ALL EXCEPT 111.165.70.120 112.150.60.0/20
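
To check which logins the rule in step 3 affects before relying on it, the following added example (not part of the original post) models how access.conf is evaluated: the first rule whose user and origin fields both match decides, and no match means the login is allowed. It is a simplified model that handles only ALL, EXCEPT, IP addresses and CIDR networks; the helper names are hypothetical and the handling of the /20 host bits is an assumption.

```python
import ipaddress

# Constructed input: the rule from step 3 as it would sit in /etc/security/access.conf.
ACCESS_CONF = "-: limitgroup:ALL EXCEPT 111.165.70.120 112.150.60.0/20\n"

def _in_list(tokens, value, is_origin):
    """Match value against a token list; 'A EXCEPT B' means in A and not in B."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_in_list(tokens[:i], value, is_origin)
                and not _in_list(tokens[i + 1:], value, is_origin))
    for tok in tokens:
        if tok == "ALL":
            return True
        if is_origin:
            # strict=False masks host bits, so 112.150.60.0/20 is treated as
            # 112.150.48.0/20 (an assumption of this model).
            if ipaddress.ip_address(value) in ipaddress.ip_network(tok, strict=False):
                return True
        elif tok.strip("()") in value:  # value: set holding the user and group names
            return True
    return False

def ssh_allowed(conf_text, user, groups, source_ip):
    """Hypothetical helper: first rule matching user AND origin decides; else allow."""
    identities = {user, *groups}
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if (_in_list(users.replace(",", " ").split(), identities, False)
                and _in_list(origins.replace(",", " ").split(), source_ip, True)):
            return perm == "+"
    return True

if __name__ == "__main__":
    for ip in ("111.165.70.120", "112.150.60.7", "203.0.113.9"):
        print(ip, ssh_allowed(ACCESS_CONF, "limituser", ["limitgroup"], ip))
```

The rule only denies; users outside limitgroup match no rule and are allowed from any address. pam_access is only consulted when sshd runs the PAM account stack (UsePAM yes in sshd_config).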