A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile. A server stack is one type of solution stack — an ordered selection of software that makes it possible to complete a particular task. Like in this post about Block All Users But One From SSH Access was one problem in server stack that need for a solution. Below are some tips in manage your linux server when you find problem about linux, ssh, , , .
I can currently login to my server via ssh as root. There may be some other users, however, that have ssh access. I want to block out any possible logins except from root. How can I do this?
So you can achieve your stated desire with the AllowUsers directive in your sshd_config file, for example:
$ grep AllowUsers /etc/ssh/sshd_config AllowUsers root
However I would be wary of using the root account for ssh – consider instead an unprivileged account for normal use, using something like sudo to acquire root privileges only when needed.
From man sshd_config
AllowUsers This keyword can be followed by a list of user name patterns, separated by spaces. If specified, login is allowed only for user names that match one of the patterns. Only user names are valid; a numerical user ID is not recognized. By default, login is allowed for all users. If the pat‐ tern takes the form USER@HOST then USER and HOST are separately checked, restricting logins to particular users from particular hosts. The allow/deny directives are processed in the following order: DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. See PATTERNS in ssh_config(5) for more information on patterns.
Btw. please don’t allow passwords login for your root user. Only allow ssh keys or even better just allow a specific user to login and change to root but not root directly.
I lockout all users except root when I need to do maintenance on my Linux hosts. Just remove the file when you’re done.
echo "System maintenance in progress" > /run/nologin