
The Geek Diary


How to restrict ssh logins by user and client address on CentOS/RHEL

by admin

Question: A user would like to restrict ssh login access to a server by specific user and/or by client IP address. How can this be achieved?

Note: The configuration may differ between Oracle Linux 6 and 7 due to differences in the versions of OpenSSH bundled with each operating system.

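CentOS/RHEL 7 allows “nested” configuration in /etc/ssh/sshd_config, that is, an AllowUsers directive placed inside a Match block. The following example restricts “testuser” to logins from client addresses in the 192.168.1.x range. Put the Match block at the end of the file, because every directive after a Match line belongs to that block until the next Match line or the end of the file.

# vi /etc/ssh/sshd_config
Match User testuser
AllowUsers *@192.168.1.*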

However, in CentOS/RHEL 6, sshd cannot parse the nested configuration, so you may need to consider the following workaround.

In the following example, the user “testuser” can log in from 10.0.0.1 only, and the rest of the listed users can log in from any host. Note that you need to list all the users who are allowed to log in, because once AllowUsers is set, any user not on the list is refused. This is the downside of not supporting nested configuration.

# vi /etc/ssh/sshd_config
AllowUsers testuser@10.0.0.1 root oracle grid user1 user2
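
A simplified model of how an AllowUsers line is evaluated, added here as an example (it is not code from this article or from OpenSSH): it checks the workaround line above against constructed client addresses and shows that a user missing from the list is refused. It goes beyond the single-address case by also accepting * and ? wildcards and CIDR in the HOST part; the names login_allowed and demo and the sample clients are assumptions, and "!" negation and hostname lookups are not modelled.

```python
import ipaddress
import re

def _glob(pattern, text):
    """sshd-style wildcard match: '*' = any run of characters, '?' = exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, text) is not None

def _host_ok(host_pat, addr):
    """Match the HOST half of USER@HOST against the client address (wildcard or CIDR)."""
    if "/" in host_pat:
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(host_pat, strict=False)
        except ValueError:
            return False
    return _glob(host_pat, addr)

def login_allowed(allow_users, user, addr):
    """Return True if `user` connecting from `addr` matches any AllowUsers pattern.

    Simplified model (assumption): no '!' negation, no DNS hostname matching,
    and no DenyUsers/AllowGroups interaction.
    """
    for pattern in allow_users.split():
        user_pat, sep, host_pat = pattern.partition("@")
        if not sep:                 # plain USER pattern: any client address
            host_pat = "*"
        if _glob(user_pat, user) and _host_ok(host_pat, addr):
            return True
    return False                    # AllowUsers is set and nothing matched: refused

# The CentOS/RHEL 6 workaround line from the article (value of AllowUsers).
RHEL6_LINE = "testuser@10.0.0.1 root oracle grid user1 user2"

def demo():
    # Constructed sample clients; "backup" is a hypothetical unlisted account.
    cases = [("testuser", "10.0.0.1"), ("testuser", "10.0.0.2"),
             ("oracle", "203.0.113.7"), ("backup", "10.0.0.1")]
    return {c: login_allowed(RHEL6_LINE, *c) for c in cases}

if __name__ == "__main__":
    for (user, addr), ok in demo().items():
        print(f"{user}@{addr}: {'allowed' if ok else 'refused'}")
```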
