I want to deny access to a single user (test1 ) from ip – 192.168.122.16. So this is what I have added the following line in /etc/ssh/sshd_config
DenyUsers test1@192.168.122.16
Then have restarted sshd after making changes to the sshd_config. But after this change in the conf file all the users from that IP after getting a permission denied message. Instead I want to deny access only to a single user 'test1'.
sshd_config
man pages states as follows:
DenyUsers
This keyword can be followed by a list of user name
patterns, separated by spaces. Login is disallowed for user names
that match one of the patterns. Only user names are valid; a
numerical user ID is not recognized. By default, login is allowed for
all users. If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular users from
particular hosts. The allow/deny directives are processed in the
following order: DenyUsers, AllowUsers, DenyGroups, and finally
AllowGroups.
I am particularly intereted in restricting only the user 'test1' from the above IP. But I am ok with the user doing a login from a diffirent IP. Anything I am missing here ?
Best Answer
Thats the way it works, I've just tested it myself on a RHEL6 server here, all I added to was:
/etc/sshd/sshd_config:
And now only sirch is unable to login only from that address. Sirch can log in from other addresses, and everyone else can log in from all addresses including that one.
Is it possible something else changed?