24.9.9 Restricting Access to SSH Connections

The Secure Shell (SSH) allows protected, encrypted communication with other systems. As SSH is an entry point into the system, disable it if it is not required, or alternatively, edit the /etc/ssh/sshd_config file to restrict its use.

For example, the following setting does not allow root to log in using SSH:

PermitRootLogin no

You can restrict remote access to certain users and groups by specifying the AllowUsers, AllowGroups, DenyUsers, and DenyGroups settings, for example:

DenyUsers carol dan
AllowUsers alice bob
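
sshd checks DenyUsers before AllowUsers, and once AllowUsers is set, any user who is not listed is refused as well. The following script is an added example, not part of the original guide. It applies that logic to a constructed sample file; the function names list_users and ssh_user_decision are hypothetical, and it assumes plain user names only (no wildcards, USER@HOST patterns, group directives or Match blocks).

```shell
#!/bin/sh
# Added example: how DenyUsers and AllowUsers combine (sshd_config(5) order).
# Assumption: plain user names only, "Keyword value ..." lines, no Match blocks.

# list_users FILE KEYWORD: print each name listed for KEYWORD, one per line.
# Keywords are case-insensitive; repeated lines for a keyword accumulate.
list_users() {
    awk -v kw="$2" '
        /^[[:space:]]*#/ { next }                      # skip comment lines
        tolower($1) == tolower(kw) { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# ssh_user_decision FILE USER: print "allow" or "deny".
ssh_user_decision() {
    file=$1 name=$2
    # 1. DenyUsers is evaluated first; a match is a denial.
    if list_users "$file" DenyUsers | grep -qxF -- "$name"; then
        echo deny; return
    fi
    # 2. When AllowUsers is set, only the listed users may log in.
    allowed=$(list_users "$file" AllowUsers)
    if [ -n "$allowed" ] && ! printf '%s\n' "$allowed" | grep -qxF -- "$name"; then
        echo deny; return
    fi
    echo allow
}

# Constructed sample configuration using the settings shown above.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
PermitRootLogin no
DenyUsers carol dan
AllowUsers alice bob
EOF

# eve appears in neither list but is still refused because AllowUsers is set.
for u in alice carol eve; do
    printf '%s: %s\n' "$u" "$(ssh_user_decision "$cfg" "$u")"
done
```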

The ClientAliveInterval and ClientAliveCountMax settings cause sshd to disconnect an SSH client automatically after a period of inactivity, for example:

# Disconnect client after 300 seconds of inactivity
ClientAliveCountMax 0
ClientAliveInterval 300

After making changes to the configuration file, restart the sshd service for your changes to take effect.

For more information, see the sshd_config(5) manual page.