Block SSH access to EC2 instances

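I am setting up an EC2 RHEL instance for my users to allow file transfers with FileZilla or WinSCP. I created accounts for them. None of them have been added to sudoers. How can I block ssh access for any user and only allow uploading zip and tar files?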

Answer 1

Put all the users you want to deny ssh access to in the same group, then use the

DenyGroups <group>

directive in the sshd_config file.

DenyGroups
             This keyword can be followed by a list of group name patterns, 
             separated by spaces.  Login is disallowed for users whose primary 
             group or supplementary group list matches one of the patterns.  
             Only group names are valid; a numerical group ID is not recognized.  
             By default, login is allowed for all groups.  The allow/deny
             directives are processed in the following order: DenyUsers, AllowUsers,
             DenyGroups, and finally AllowGroups.  All of the specified user and 
             group tests must succeed, before user is allowed to log in.
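
The processing order quoted above can be checked offline against a config before reloading sshd. The following Python model is an added example, not part of the original answer and not OpenSSH code; the group and user names in the sample are hypothetical, and only the global section and the `*`/`?` wildcards are modelled.

```python
import re

DIRECTIVES = ("DenyUsers", "AllowUsers", "DenyGroups", "AllowGroups")

def parse_config(text):
    """Collect the four allow/deny lists from the global part of an sshd_config."""
    cfg = {d: [] for d in DIRECTIVES}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()
        if not words:
            continue
        if words[0].lower() == "match":   # Match blocks are not modelled here
            break
        for d in DIRECTIVES:
            if words[0].lower() == d.lower():   # keywords are case-insensitive
                cfg[d] += words[1:]             # repeated lines accumulate
    return cfg

def _match(name, pattern):
    # Only the '*' and '?' wildcards are modelled; '!' negation and
    # USER@HOST forms are not.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def _any(names, patterns):
    return any(_match(n, p) for n in names for p in patterns)

def login_decision(user, groups, cfg):
    """Apply the tests in the documented order; return (allowed, deciding rule)."""
    if _any([user], cfg["DenyUsers"]):
        return False, "DenyUsers"
    if cfg["AllowUsers"] and not _any([user], cfg["AllowUsers"]):
        return False, "AllowUsers"
    if _any(groups, cfg["DenyGroups"]):
        return False, "DenyGroups"
    if cfg["AllowGroups"] and not _any(groups, cfg["AllowGroups"]):
        return False, "AllowGroups"
    return True, "allowed"

# Constructed sample: user and group names are hypothetical.
SAMPLE = """
DenyGroups uploaders
allowgroups staff uploaders
"""

if __name__ == "__main__":
    cfg = parse_config(SAMPLE)
    for user, groups in [("alice", ["alice", "staff"]),
                         ("bob", ["bob", "staff", "uploaders"]),
                         ("carol", ["carol"])]:
        print(user, login_decision(user, groups, cfg))
```

sshd applies these tests at login, before any shell or subsystem starts, so a group listed in DenyGroups is refused for SFTP and SCP sessions as well as interactive ones.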
