Nov 07 2008
Adding a bit of security to your server
If you really need to keep your sshd running on a publicly accessible port and IP, this is a piece of configuration
that adds a tiny bit of extra security to your server. By specifying which usergroups are allowed to actually use ssh, you are guarding the default (system) accounts (which shouldn’t have easily guessable passwords in the first place!) with an extra layer.
Add a new group:
addgroup sshusers
Add the users which are allowed to connect using ssh:
vigr (and add the users to the group)
Add the following line to /etc/ssh/sshd_config:
AllowGroups sshusers
And restart sshd. Make sure that you have a working ssh session when testing out the changes!