How it’s possible to SSH deny all users except one? Or in other words, how can we create a dedicated SSH user? Find the steps below.
Create the user account.
Add this user to the “/etc/sudoers” file. Simply edit this file or run the below command.
You can find a line as shown below.
root ALL=(ALL) ALL
The above line means the root user can run any commands anywhere. Add the line given below under this line.
sshusr ALL=(ALL) ALL
Now save the file.
From now on, the user “sshusr” has permission to run any commands anywhere. But for this, you have to add “sudo” at the beginning of every command that you execute as user “sshusr”.
For example, if you login as “sshusr” and want to restart Apache. You have to do it as shown below.
sudo /etc/init.d/httpd restart
You can also switch this user to root user. Please run the below command.
sudo su -
Now we have created a user called “sshusr” with full permission in your system. But this doesn’t mean “sshusr” is a dedicated SSH user. Maybe there are other users in your system that have SSH shell access. Please follow the steps below to block all those users and set “sshusr” as a dedicated SSH user.
Edit the main SSH configuration file.
Add the below lines.
Save the file and restart the SSH service to update these changes.
That’s it!! That’s how you SSH Deny All Users Except One.