Limiting SSH access to certain users

There are multiple ways to limit SSH access to a machine. The one I’ve found most straight forward is to use PAM access rules. First, edit /etc/pam.d/sshd and uncomment the line:

account required

Next, edit /etc/security/access.conf

The following rules allow root from a local connection and deny all but users in the SSH group.


With this in place, managing SSH access is a matter of tweaking the ssh group.