The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.
To allow access only for some users add this line:
AllowUsers user1 user2
To allow access only for some groups:
AllowGroups group1 group2
To disable root login over SSH, change the PermitRootLogin line into this:
Limit root login
It is generally considered bad practice to allow the root user to log in without restraint over SSH. There are two methods by which SSH root access can be restricted for increased security.
Sudo selectively provides root rights for actions requiring these without requiring authenticating against the root account. This allows locking the root account against access via SSH and potentially functions as a security measure against brute force attacks, since now an attacker must guess the account name in addition to the password.
SSH can be configured to deny remote logins with the root user by editing the "Authentication" section in /etc/ssh/sshd_config. Simply change #PermitRootLogin prohibit-password to noand uncomment the line:
Open the configuration file.
Uncomment and or modify the desired lines in the configuration file and save.
Start the socket service.
Enable the socket service to run on boot.