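I am setting up EC2 RHEL instances for my users to allow file transfers using FileZilla or WinSCP. I created accounts for them. None of them has been added to sudoers. How can I block SSH access for any of the users and allow only uploads of zip and tar files?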
Answer 1
Put all the users you want to deny SSH access in the same group, then use the
DenyGroups <group>
directive in the sshd_config file.
DenyGroups
This keyword can be followed by a list of group name patterns,
separated by spaces. Login is disallowed for users whose primary
group or supplementary group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups. The allow/deny directives
are processed in the following order: DenyUsers, AllowUsers,
DenyGroups, and finally AllowGroups. All of the specified user and
group tests must succeed, before user is allowed to log in.
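
The processing order quoted above is not first-match-wins: every configured check has to pass. The following Python model of that evaluation is an added example, not part of the original answer and not OpenSSH code; it is simplified to plain names with `*` and `?` wildcards (no USER@HOST forms or negated patterns), and the user and group names are hypothetical.

```python
import re

def _match(pattern, name):
    """sshd-style wildcard match: '*' = any run of characters, '?' = exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, name) is not None

def _any(patterns, names):
    """True if any pattern matches any of the given names."""
    return any(_match(p, n) for p in patterns for n in names)

def login_allowed(user, groups, cfg):
    """Apply the four checks in the documented order; every one must pass.

    groups holds the user's primary and supplementary group names.
    Returns (allowed, name of the directive that decided, or a pass message).
    """
    if _any(cfg.get("DenyUsers", []), [user]):
        return False, "DenyUsers"
    allow_users = cfg.get("AllowUsers", [])
    if allow_users and not _any(allow_users, [user]):
        return False, "AllowUsers"
    if _any(cfg.get("DenyGroups", []), groups):
        return False, "DenyGroups"
    allow_groups = cfg.get("AllowGroups", [])
    if allow_groups and not _any(allow_groups, groups):
        return False, "AllowGroups"
    return True, "all checks passed"

# Constructed sample data: all user and group names are hypothetical.
SAMPLE_CFG = {"AllowUsers": ["alice", "ftp*"], "DenyGroups": ["noshell"]}
SAMPLE_USERS = {
    "alice": ["alice", "staff"],
    "ftp01": ["ftp01", "noshell"],  # matches AllowUsers, but is in a denied group
    "bob": ["bob", "staff"],        # matches no AllowUsers pattern
}

if __name__ == "__main__":
    for name, grps in SAMPLE_USERS.items():
        print(name, login_allowed(name, grps, SAMPLE_CFG))
```

SFTP and SCP sessions authenticate through the same sshd, so a user rejected by any of these checks cannot open them either.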