Gentoo Wiki






To prevent (read: make more difficult) brute-force attacks against an SSH server exposed on the internet, you can limit which login(s) can be used to log in over the SSH protocol.

Limiting through pam

1. Edit the file /etc/pam.d/sshd and add the following line as the first line: auth required pam_listfile.so sense=allow item=user file=/etc/ssh/ssh_allow_users onerr=fail

2. Create a new file /etc/ssh/ssh_allow_users and put in it the user id that is allowed to log in over SSH. You may put multiple user ids in this file, each on a separate line, for example:

File: /etc/ssh/ssh_allow_users

3. Restart sshd: /sbin/service sshd restart
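
A pre-restart check for the allow-list file, as an added example that is not part of the original wiki page. The options in step 1 belong to the pam_listfile module, which requires the list to be a plain file that is not world-writable; with onerr=fail a missing file also denies every login, so a mistake here locks everyone out. The function name check_allow_file is hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): verify the allow-list before restarting
# sshd. Usage: sh check.sh /etc/ssh/ssh_allow_users && /sbin/service sshd restart

# check_allow_file FILE
# Returns 0 if FILE is usable as an allow-list, otherwise:
#   1 = missing or not a regular file
#   2 = world-writable
#   3 = no listed name matches an existing account
check_allow_file() {
    file=$1

    [ -f "$file" ] || {
        echo "FAIL: $file is missing or not a regular file"
        return 1
    }

    # find prints the path only if the "other" write bit is set.
    if [ -n "$(find "$file" -prune -perm -0002)" ]; then
        echo "FAIL: $file is world-writable (fix with: chmod o-w $file)"
        return 2
    fi

    valid=0
    # The "|| [ -n ... ]" part handles a last line without a trailing newline.
    while IFS= read -r user || [ -n "$user" ]; do
        [ -n "$user" ] || continue          # skip blank lines
        if id -u "$user" >/dev/null 2>&1; then
            valid=$((valid + 1))
        else
            echo "WARN: '$user' is not a known account"
        fi
    done < "$file"

    [ "$valid" -gt 0 ] || {
        echo "FAIL: $file lists no existing account; nobody could log in"
        return 3
    }
    echo "OK: $valid account(s) allowed by $file"
}

# Run the check only when a path is given on the command line.
[ "$#" -eq 0 ] || check_allow_file "$1"
```

Keep an existing SSH session open while testing the new configuration, so a mistake can be reverted.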

Limiting through user groups

A simpler approach to limiting SSH access is to add a line to the sshd config file that only allows specific groups to log in through SSH:

File: /etc/ssh/sshd_config
AllowGroups sshusers

Then create the group you specified if it doesn't already exist, and add to it the users you wish to grant SSH access. Any account that is not in the group will not be permitted to log in.

Last modified: Thu, 28 Aug 2008 05:39:00 +0000