arch sshd

Subject:

Configuration

The SSH daemon configuration file can be found and edited in /etc/ssh/sshd_config.

To allow access only for some users add this line:

AllowUsers user1 user2

To allow access only for some groups:

AllowGroups group1 group2

To disable root login over SSH, change the PermitRootLogin line into this:

PermitRootLogin no

 

Limit root login

It is generally considered bad practice to allow the root user to log in without restraint over SSH. There are two methods by which SSH root access can be restricted for increased security.

Deny

Sudo selectively provides root rights for actions requiring these without requiring authenticating against the root account. This allows locking the root account against access via SSH and potentially functions as a security measure against brute force attacks, since now an attacker must guess the account name in addition to the password.

SSH can be configured to deny remote logins with the root user by editing the "Authentication" section in /etc/ssh/sshd_config. Simply change #PermitRootLogin prohibit-password to noand uncomment the line:

/etc/ssh/sshd_config

PermitRootLogin no

2016-10-25 17:24:28gstlouis

PermitRootLogin yes

gstlouis
vote
2016-10-25 17:27:33

http://dominicm.com/openssh-server-arch-linux/

 

Configure OpenSSH

Open the configuration file.

  • sudo nano /etc/ssh/sshd_config

 

Uncomment and or modify the desired lines in the configuration file and save.

  • AllowUsers user1 user2
  • AllowGroups group1 group2
  • PermitRootLogin no
  • Port 22
gstlouis
vote
2016-10-25 18:18:45

Start the socket service.

  • sudo systemctl start sshd.socket

 

Enable the socket service to run on boot.

  • sudo systemctl enable sshd.socket
gstlouis
vote
2016-10-25 18:19:13