AllowUsers
June 19, 2005 Posted by KP
Currently every website matches one shell account on my servers, I always feel it’s insecure to have more than a dozen accounts, but never taken a minute to think about how to change it.
AllowUsers parameter in sshd is just for it, to allow only one account to login with ssh, add the following line in /etc/sshd_config:
AllowUsers account_name
If you have a static IP address for login, you can make it more secure, for example:
AllowUsers account_name@192.168.1.32
Restart sshd after the file is modified:
# /etc/rc.d/sshd reload
For detailed information, please refer to the handbook.
Note: you should test the login before closing all terminals, a spelling error can lock yourself out of the server.
Update: I strongly suggest you change sshd port and reduce server visibility, which can eliminate all ssh login attempts.
Related Posts:
Filed Under: Security