Question: A user would like to restrict the ssh login access to a server by a specific user and/or by client ip address. How this can be achieved?
Note: The configuration may differ between Oracle Linux 6 and 7 due to differences in the versions of OpenSSH bundled with each operating system.
CentOS/RHEL 7 allows “nested” configuration in /etc/ssh/sshd_config. The following is an example:
# vi /etc/ssh/sshd_config Match User testuser AllowUsers *@192.168.1.x
However, in CentOS/RHEL 6, sshd cannot parse the nested configuration so you may need to consider the following workaround.
The following example demonstrates that the user “testuser” can be logged in from 10.0.0.1 only, and the rest of the listed users can login from any host. Note that you need to list all the users who can be allowed to login, which is the downside of not supporting nested configuration.
# vi /etc/ssh/sshd_config AllowUsers email@example.com root oracle grid user1 user2