arch sshd



The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.

To allow access only for some users add this line:

AllowUsers user1 user2

To allow access only for some groups:

AllowGroups group1 group2

To disable root login over SSH, change the PermitRootLogin line into this:

PermitRootLogin no


Limit root login

It is generally considered bad practice to allow the root user to log in without restraint over SSH. There are two methods by which SSH root access can be restricted for increased security.


Sudo selectively provides root rights for actions requiring these without requiring authenticating against the root account. This allows locking the root account against access via SSH and potentially functions as a security measure against brute force attacks, since now an attacker must guess the account name in addition to the password.

SSH can be configured to deny remote logins with the root user by editing the "Authentication" section in /etc/ssh/sshd_config. Simply change #PermitRootLogin prohibit-password to noand uncomment the line:


PermitRootLogin no

2016-10-25 17:24:28gstlouis

PermitRootLogin yes

2016-10-25 17:27:33


Configure OpenSSH

Open the configuration file.

  • sudo nano /etc/ssh/sshd_config


Uncomment and or modify the desired lines in the configuration file and save.

  • AllowUsers user1 user2
  • AllowGroups group1 group2
  • PermitRootLogin no
  • Port 22
2016-10-25 18:18:45

Start the socket service.

  • sudo systemctl start sshd.socket


Enable the socket service to run on boot.

  • sudo systemctl enable sshd.socket
2016-10-25 18:19:13