9.3 Configuring User and Group Access

Edit the server configuration file (/etc/ssh2/sshd2_config) to control access to the server.

The following keywords configure user access: AllowUsers, DenyUsers, AllowTcpForwardingForUsers, DenyTcpForwardingForUsers, ForwardACL, ChrootSftpUsers, UserSpecificConfig. You can specify user names alone, or use the following syntax to include group and/or host information:

user[%group][@host]

Where user is a regular expression for a user (numerical UIDs are not supported), group is a regular expression for a group (numerical GIDs are not supported), and host is a regular expression for a host (which can be a domain name, IP address, or subnet mask). For example, the following denies access to all members of the interns group at myhost.com:

DenyUsers=.*%interns@myhost.com
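
The following Python checker is an added example, not part of the product documentation: it splits an entry of the form user[%group][@host] and tests it against constructed logins, showing that an unescaped dot in the host part matches any character. It assumes Python's re module approximates the server's regular-expression dialect, that each part must match the whole name, and that an omitted part places no restriction; all function names are hypothetical.

```python
import re

# user[%group][@host]: split at the first unescaped '%' and '@'.
_ENTRY = re.compile(
    r"^(?P<user>(?:\\.|[^%@\\])+)"
    r"(?:%(?P<group>(?:\\.|[^@\\])+))?"
    r"(?:@(?P<host>.+))?$"
)

def parse_entry(entry):
    """Return (user_re, group_re, host_re); absent parts are None."""
    m = _ENTRY.match(entry.strip())
    if m is None:
        raise ValueError(f"not in user[%group][@host] form: {entry!r}")
    return m.group("user"), m.group("group"), m.group("host")

def entry_matches(entry, user, groups, host):
    """True if the entry covers this user, one of their groups, and the host.

    Assumption: a part that is left out places no restriction.
    """
    user_re, group_re, host_re = parse_entry(entry)
    if not re.fullmatch(user_re, user):
        return False
    if group_re is not None and not any(re.fullmatch(group_re, g) for g in groups):
        return False
    return host_re is None or re.fullmatch(host_re, host) is not None

def wildcard_dots(host_re):
    """Count dots that are neither escaped nor quantified: each one matches
    any single character, which is rarely what a literal host name intends."""
    return len(re.findall(r"(?<!\\)\.(?![*+?{])", host_re))

if __name__ == "__main__":
    entry = "DenyUsers=.*%interns@myhost.com".split("=", 1)[1]
    # Constructed logins: (user, groups, client host)
    logins = [
        ("alice", ["staff", "interns"], "myhost.com"),
        ("bob", ["staff"], "myhost.com"),
        ("carol", ["interns"], "myhostXcom"),  # matched: '.' is a wildcard
    ]
    for user, groups, host in logins:
        print(user, host, entry_matches(entry, user, groups, host))
    print("unescaped dots in host part:", wildcard_dots(parse_entry(entry)[2]))
```

Under these assumptions, writing the host part as myhost\.com restricts the rule to that exact name, which matters most in Allow rules where an over-broad pattern admits unintended hosts.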

The following keywords configure group access: AllowGroups, DenyGroups, AllowTcpForwardingForGroups, DenyTcpForwardingForGroups, ChrootSftpGroups. These keywords support any valid regular expression. Numerical GIDs are not supported. For example:

DenyGroups=interns